- Home
- /
- Security
- /
- IT Security
- /
- JAVA
- /
- Web application security masterclass...
Web application security masterclass in Java
Schulungsinhalt
Day 1
- Cyber security basics
- What is security?
- Threat and risk
- Cyber security threat types – the CIA triad
- Consequences of insecure software
- Constraints and the market
- The OWASP Top Ten 2021
- The OWASP Top 10 2021
- A01 – Broken Access Control
- Access control basics
- Failure to restrict URL access
- Confused deputy
- File upload
- Open redirects and forwards
- Cross-site Request Forgery (CSRF)
- A02 – Cryptographic Failures
- Information exposure
- Cryptography for developers
Day 2
- A02 – Cryptographic Failures (continued)
- Cryptography for developers
- Certificates
- A03 – Injection
- Injection principles
- Injection attacks
- SQL injection
- Code injection
- HTML injection – Cross-site scripting (XSS)
Day 3
- A03 – Injection (continued)
- Input validation
- A04 – Insecure Design
- The STRIDE model of threats
- Secure design principles of Saltzer and Schroeder
- Client-side security
Day 4
- A05 – Security Misconfiguration
- Configuration principles
- Server misconfiguration
- Cookie security
- XML entities
- A06 – Vulnerable and Outdated Components
- Using vulnerable components
- Assessing the environment
- Hardening
- Untrusted functionality import
- Vulnerability management
- A07 – Identification and Authentication Failures
- Authentication
- Session management
- Password management
- A08 – Software and Data Integrity Failures
- Integrity protection
Day 5
- A08 – Software and Data Integrity Failures (continued)
- Subresource integrity
- Insecure deserialization
- A09 – Security Logging and Monitoring Failures
- Logging and monitoring principles
- Insufficient logging
- Case study – Plaintext passwords at Facebook
- Log forging
- Log forging – best practices
- Case study – Log interpolation in log4j
- Case study – The Log4Shell vulnerability (CVE-2021-44228)
- Case study – Log4Shell follow-ups (CVE-2021-45046, CVE-2021-45105)
- Lab – Log4Shell
- Logging best practices
- Monitoring best practices
- A10 – Server-side Request Forgery (SSRF)
- Server-side Request Forgery (SSRF)
- Case study – SSRF and the Capital One breach
- Web application security beyond the Top Ten
- Code quality
- Denial of service
- Security testing
- Security testing techniques and tools
- Code analysis
- Dynamic analysis
- Security testing techniques and tools
- Wrap up
- Secure coding principles
- And now what?
Zielgruppe
Java developers working on Web applications.
Seminarziele
- Getting familiar with essential cyber security concepts
- Understanding how cryptography supports security
- Learning how to use cryptographic APIs correctly in Java
- Understanding Web application security issues
- Detailed analysis of the OWASP Top Ten elements
- Putting Web application security in the context of Java
- Going beyond the low hanging fruits
- Input validation approaches and principles
- Managing vulnerabilities in third party components
- Getting familiar with security testing techniques and tools
Vorkenntnisse
General Java and Web development.
Seminardauer
5 Tage
Preis
Präsenzseminar/FLEXINAR®:
3750,00 € (4,462,50 € inkl. 19% MwSt.)
LIVEINAR®:
3750,00 € (4,462,50 € inkl. 19% MwSt.)
Individual Training: Preis auf Anfrage
Inhouse Training: Preis auf Anfrage
Seminarnummer
S-1540
Ihr Berater
Martin Heubeck
Group Leader Sales
Martin Heubeck
Group Leader Sales
- martin.heubeck@protranet.de
Beratungszentrale und Buchungshotline:
- 0800 3400311
- beratung@protranet.de
Kataloge
Formate
Dieses Seminar können Sie als Präsenzseminar, online als LIVEINAR® oder im flexiblen Mix als FLEXINAR® buchen. 
MEHR ERFAHREN
