Home    |    Instructor-led Training    |    Self-Paced Learning    |    Online Training          Email Us   Phone :
Contact Us   -   About Us   -   Clients    
Loading
Courses
A+
ADA
Adobe
AJAX
Android
Apache
AutoCAD
Business Analysis
Business Objects
Business Skills and Technology
C++ programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CORBA
Corel
Crystal Reports
Datawarehousing
DB2
Desktop Application Software
DNS
Embedded Systems
Enterprise Architecture
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Legato
Lotus
Macintosh
Mainframe programming
Microsoft technologies
MS Access
MultiMedia and design
.NET
Network+
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Perl
PHP
PowerBuilder
Professional Development
Professional Soft Skills Workshops
Project Management
Quality Center/Quick Test
Rational
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software Engineering
Software quality and testing
SQL Server
Sybase
Telecommunications
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Visual Basic
Visual Foxpro
VMware
Web 2.0
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Java Development for Secure Systems
Rev. 5.0
Java Training Overview

This course exposes students to the broad range of challenges and techniques that is "Java security." As there is not one security problem for Java applications and components, but many, so there are many diverse solutions, found in various places in the Java architecture. This course starts with basic concepts of code security -- access controllers, permissions, and policies -- and good secure-coding practices. It introduces key and certificate management and code signing, and takes students through exercises in basic cryptography skills using the appropriate Java APIs; but then the heavy focus is on the Java Authentication and Authorization Service, or JAAS, and its increasing role in J2EE security.

The course emphasizes hands-on exercise, and students will spend more than half of their classroom time solving specific security problems. Most labs are organized as scenarios in which a security breach of existing software is possible - students begin by hacking the system in some way. Then the work of the lab is to tighten up the software to eliminate the threat: set a secure policy, sign a file, clean up overexposed parts of an API, require user login, etc.

Java Training Prerequisites

  • Solid Java programming experience is assumed - both structured and object-oriented techniques.

  • Some knowledge of J2EE architecture and development is also required, though extensive practical experience with J2EE development is not strictly necessary. Our Course offers a one-day overview of J2EE development, including architecture and working examples..
Java Training Learning Objectives

After completing this course, the student should be able to:
  • Understand how the Java language and standard-platform architecture solve many low-level security problems for all Java code.
  • Design and implement security policies for Java applications, servers, and components.
  • Manage keys and certificates for a Java application, and sign code sources as necessary.
  • Practice secure design and coding, and balance usability with security in UI and API.
  • Sign and verify application data and messages using the JCA, and encrypt/decrypt using the JCE.
  • Incorporate JAAS authentication into an application.
  • Implement a JAAS LoginModule to connect to your own application data.
  • Secure J2EE applications by URL and role, and integrate JAAS authentication.
Java Training Course duration

5 days

Java Training Course outline

1. J2SESecurity
  • Holistic Security Practices
  • Threats to the User
  • Protections in the Java Language
  • The Class Loader and Bytecode Verifier
  • System Classes and the Core API
  • SecurityManager and AccessController
  • Permissions
  • Implication
  • CodeSources
  • Policies
  • Configuring J2SE Security
  • Dynamic Policies
  • Privileged Actions
2. Code Signature and Key Management
  • Encryption and Digital Signature
  • Keystores
  • Keys and Certificates
  • Certificate Authorities
  • The KeyStore API
  • Signing JARs
  • Signed CodeSources
  • Additional Policy Semantics
3. Secure Development Practices
  • Threats to the Code
  • Presentation-Tier Vulnerabilities
  • MVC and Security
  • Validating User Input
  • Injection Attacks
  • Business-Tier Vulnerabilities
  • Final Classes and Methods
  • Inner Classes and Objects
  • Singletons, Factories, and Flyweights
  • Methods, Collections, and Data Hiding
  • Sealing JARs
  • Code Obfuscation
  • Logging and Auditing
  • Object Serialization
4. Cryptography
  • Threats to Identity and Privacy
  • The Java Cryptography Extensions
  • The Signature Class
  • SignedObjects
  • The Java Cryptography Extensions
  • SecretKeys and KeyGenerator
  • The Cipher Class
  • Dangerous Practices
  • HTTP and JSSE
5. JAAS
  • Pluggable Authentication Logic
  • JAAS
  • Packages and Interfaces
  • Subjects and Principals
  • ANDs and ORs
  • Impersonation Methods
  • Permissions for JAAS Use
  • LoginContext and LoginModule
  • Configuring JAAS
  • CallbackHandler and Callbacks
  • Implementing a JAAS Client
  • Implementing a LoginModule
6 . J2EE Security
  • Threats for Enterprise Software
  • J2EE Servers as Code Hosts
  • Tomcat Security Configuration
  • Securing URLs
  • Declaring Roles
  • Securing EJBs
  • Programmatic Security
  • JAAS in J2EE
  • Realms and LoginModules
  • JAAS in Tomcat
  • Certifying a J2EE Application
  • HTTPS Configuration
Appendix A.Learning Resources



System Requirements

Minimum Hardware Requirements

  • 500 MHz, 256 meg RAM, 500 meg disk space
Minimum Software Requirements

  • All free downloadable tools.
Hardware – recommended

  • 1.5 GHz, 512 meg RAM, 1 gig disk space
Operating system

  • Tested on Windows XP Professional. Course software should be viable on all systems which support a J2SE 5.0 JDK.
Contact Information
WINTRAC INC. - the one stop shopping center for IT training.
16523 S.W. McGwire Ct. Beaverton OR -97007
Phone: (503) 259-0312
Fax: 707-598-2268
Email: sales@wintrac.com

Send mail to webmaster@wintrac.com with questions or comments about this web site.
Copyright © 2011 Wintrac Inc.