The course will present security guidelines and considerations in Java Web Applications Development. The participants will learn the basics of application security, how to enforce security on a J2EE application, enabling standard J2EE security mechanisms and more importantly why to implement security. The course revolves around testing and fixing of issues filed under OWASP TOP 10.
Objectives of the course
Upon completion of this course, participants will be able to:
- Understand the need for security
- Understand the security threats
- Design and develop secured J2EE applications
- Design & develop application using ESAPI ( Enterprise Security API by OWASP)
Who should attend this course?
- Java developers wishing to improve their security skills
- Development & System Architects wishing to improve their security skills and awareness
- Module 1: Introduction & Case Study
- Module 2: Knowing Security Testing Methodologies
- Module 3: Application Security – Overview
- Threat Modeling Objective
- Terminologies Used
- Threat Profiling
- STRID Model
- DREAD Model
- Practical Consideration
- Threat Modeling Tools
- Using Web Application Proxy
- Burp Suite
- OWASP Top 10
- A2-Broken Authentication and Session Management
- A3-Cross-Site Scripting (XSS)
- A4-Insecure Direct Object References
- A5-Security Misconfiguration
- A6-Sensitive Data Exposure
- A7-Missing Function Level Access Control
- A8-Cross-Site Request Forgery (CSRF)
- A9-Using Components with Known Vulnerabilities
- A10-Unvalidated Redirects and Forwards
- Beyond OWASP
- Abuse of functionality
- Denial of Service
- Server Vulnerabilities
- Authentication & Authorization Issues
- From File Inclusion to Remote Code Execution
- API/CMS Based Vulnerabilities
- Diving from WEB to LAN
- Business Logic Testing
- Flash Based Attacks
- iFrame Attacks
- Automated Scanner
- Profiling Scans
- Interpreting Results
- Identifying False Positives
- OWASP ESAPI Security
- Spring Security
- JSR 303 Validator
- Validation Concerns
- Session Management Best Practices
- Authentication & Authorization Issues
- CSRF Fixes
- Secure File Upload
- Preventing File Inclusions
- Issues with Randomization
- Understanding Cryptography
- web.xml Security Best Practices
- Error handling and logging
- Developer v/s InfoSec Team
- Why SCA
- SCA during SDLC
- Languages and Framework Supported
- Vulnerability Checks
- Integration in the Software Development Process
- Report Reading
- Identification of False Positive
- Getting ROI of an SCA
Faculty is very good trainer with good ordinary skill. Has in depth knowledge and can deliver knowledge easily. The course met its objective.
Narendra Laxman Pitale, A.O., LIC
Good knowledge and presentation. Yes by giving introduction to security threats and tools and techniques to avoid hacking. Yes, by expending the duration of course and selecting single topic.
Sweta Yadav, AO IT, LIC
Yes it was relevant to the work.
Venu S., LIC
Faculty was excellent and had in-depth knowledge about the matter. The objective has met to a certain extent. The quality of the course is improved by more hands on sessions.
Vimalesh Kumar, Admin Officer, LIC
Faculty was knowledgeable. Yes the course met its objective.
KulenKalita, AO, LIC
Faculty was knowledgeable and able to explain the concepts clearly. Yes the course has helped to understand the various risk elements to the application and how to mitigate the same.
Subansh Kumar, AO-Developer, LIC
The course duration was short. May be extended to 4 days. To improve the course more practical training can be added.
Chandrashekhar Dattatraya Tendulkar, AO, LIC
Faculty is excellent, knowledgeable and has command over the topics covered.
Salil Vishnu Tendulkar, AO, LIC
Explaining the treats happening in industry in current environment. Yes the course met its objective. Hands on should be more and course can be extended for a day.
VB SudhakarBachimanchi, AO Developer, LIC
Outstanding faculty, very clear on items to be covered. The course met its objective, but little more is required. The quality of the course can be improved by making this training for 3 days, so that more inputs can be taken.
Anupam Patranabish, Developer, LIC
Quite knowledgeable. Yes the course met its objective to some extent.
Mona Shrikhande, AO Developer, LIC
We wish to thank Ms.Rutuja and Ms.Chaitali for having taken so much efforts and pain for conducting the secure java training for us. I have also done teaching some time back hence when we come across a good teacher, we do appreciate. Some teachers just tell, some explain, some teachers demonstrate, some teachers transfer knowledge but very few teachers inspire.
Ramesh Monde, Sr Developer- Java, Saraswat Infotech Ltd
Faculty is having good knowledge about the Security Concept from their learning. She is having very good concept & demonstrated technique.
Prashant V. Bharambe, Software Engineer
Faculty is having depth, mastery over the subject. She is enthusiastic. Concepts were clearly demonstrated by her. Very good communication skills.
Ramesh Monde, Senior Developer
Faculty is great, knowledgeable, approachable instructor. I enjoyed & learnt a lot from the course & from him. My only suggestion is to give the course structure (i:e break time & time –table) before hands.
Azam Al Fayor, Personnal Department, Aramco
Faculty is outstanding instructor who simplified this course into an interactive course.
Abdulaziz Alanmed , Aramco
Faculty is an excellent instructor.
Mujed Rasheed, Aramco
Faculty has well established his credibility by showing real cases, that demonstrated his great knowledge
Sultan Almutairi, Aramco
Good topic on OWASP 10. Content was very good. Over all Satisfied.
Nilesh Pujari, Software Developer- IndusInd bank
It is very good session covered all OWASP top 10 points
Amit Kumar, DM- IndusInd bank
The session was very good, covered all OWASP Top 10 points
Kalpesh Sanghani, AM- IndusInd bank
It is very good experience to learn Web Security and the teacher is very Technically sound and the classes are very good.
Joseph Chacko, Analyst Programmer- IndusInd bank
It is very good experience to learn about Web Security and the way teacher teach us, it is very good and understanding.
Bilal Dafedure, Manager IT- IndusInd bank.
The training helped in understanding application security and its importance along with implementation of Secure Coding Practices.
Deepak Sahu, Analyst Programmer- IndusInd bank
The course has given me comprehensive knowledge of application security and enhance the same highly secure Web Application development.
Zujar Kanchwala, Module Lead- IndusInd Bank
Session is very good, covered all the OWASP Top 10 with proper fixes and available examples. Great training session and interesting. Challenging topics- have learned lots of new things.
Swapnil Dube, Analyst Programmer- IndusInd bank
Very knowledgeable and good with teaching to the point and convincing
Aniket Dorwat, Sr Software Engineer, Xoriant Solutions
Clear on knowledge and ability to explain complex concepts in simple term which could be easily be understood. It created an awareness about the intensity of Security Threats to Application
Yogesh Kadhav, Software developer, Xoriant Solutions
Faculty is having excellent knowledge in this area. Tries to clear out at his best. It has created awareness for security in coding and also, in other leads, increased my interest to go further in detail
Manisha Palan, Software developer, Xoriant Solutions
This is a very good course. Rohit has a very knowledge of security with good capacity to explain and present the subject. A good knowledge about the implementation of security is gained. This will be helpful in future
Mali Digambar, Software developer, Xoriant Solutions
It was an eye opener and the faculty was extremely good, informative from end to end. Completely curved by the knowledge possessed and the training was extremely good.
Arun Gopava Krishnan, Senior Manager, Standard Chartered
Training was great
Sivaraman Pathsavy, Manager Technical, Standard Chartered
Very good and useful training with online demos
Rajkumar K, Associate Vice President, Standard Chartered
Course coverage is excellent
K Thanigaivasan, Business Solution Manager, Standard Chartered
Very good and Interactive session.
Murugaraj, Development, Standard Chartered