This course shows Java web developers how to secure their applications and to apply best practices with regard to secure enterprise coding. Authentication, authorization, and input validation are major themes, and students get good exposure to basic Java cryptography for specific development scenarios, as well as thorough discussions of HTTPS configuration and certificate management, error handling, logging, and auditing.
Learn to develop secure Java web applications, or to secure existing applications by refactoring as necessary. Learn to define security constraints and login configurations that instruct the web container to enforce authentication and authorization policies. Learn to guard against common web attacks including XSS, CSRF, and SQL injection and to validate user input aggressively, for general application health and specifically to foil injection and XSS attacks. Learn to configure a server and/or application to use one-way or two-way HTTPS, to apply application-level cryptography where necessary and to store sensitive information securely, hash user passwords, and understand the importance of salting and of using slow hashing algorithms and processes, to maximize the safety of stored credentials. Learn to secure log files and establish audit trails for especially sensitive information or actions.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.