• Online, Instructor-Led
Course Description

This course shows Java web developers how to secure their applications and to apply best practices with regard to secure enterprise coding. Authentication, authorization, and input validation are major themes, and students get good exposure to basic Java cryptography for specific development scenarios, as well as thorough discussions of HTTPS configuration and certificate management, error handling, logging, and auditing.

Learning Objectives

Learn to develop secure Java web applications, or to secure existing applications by refactoring as necessary. Learn to define security constraints and login configurations that instruct the web container to enforce authentication and authorization policies. Learn to guard against common web attacks including XSS, CSRF, and SQL injection and to validate user input aggressively, for general application health and specifically to foil injection and XSS attacks. Learn to configure a server and/or application to use one-way or two-way HTTPS, to apply application-level cryptography where necessary and to store sensitive information securely, hash user passwords, and understand the importance of salting and of using slow hashing algorithms and processes, to maximize the safety of stored credentials. Learn to secure log files and establish audit trails for especially sensitive information or actions.

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.