• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced

This secure coding course will teach students how to build secure Java applications and gain the knowledge and skills to keep a website from getting hacked, counter a wide range of application attacks, prevent critical security vulnerabilities that can lead to data loss, and understand the mindset of attackers.

The course teaches you the art of modern web defense for Java applications by focusing on foundational defensive techniques, cutting-edge protection, and Java EE security features you can use in your applications as soon as you return to work. This includes learning how to:

  • Identify security defects in your code
  • Fix security bugs using secure coding techniques
  • Utilize secure HTTP headers to prevent attacks
  • Secure your sensitive representational state transfer (REST) services
  • Incorporate security into your development process
  • Use freely available security tools to test your applications

Great developers have traditionally distinguished themselves by the elegance, effectiveness and reliability of their code. That is still true, but the security of the code now needs to be added to those other qualities. This unique SANS course allows you to hone the skills and knowledge required to prevent your applications from getting hacked.

Learning Objectives

Use a web application proxy to view and manipulate HTTP requests and responses

Review and perform basic exploits of common web application vulnerabilities, such as those found among the SANS/CWE Top 25 Most Dangerous Software Errors and the OWASP Top 10:

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • SQL injection
  • Parameter manipulation
  • Open redirect
  • Session hijacking
  • Clickjacking
  • Authentication and access control bypass

Mitigate common web application vulnerabilities using secure coding practices and Java libraries, including:

  • Input validation
  • Blocklist and Allowlist validation
  • Regular expressions
  • Output encoding
  • Content Security Policy
  • Client-side security headers

Build applications using:

  • Java Enterprise Edition authentication
  • Basic and form-based authentication
  • Client certificates
  • Secure Sockets Layer/Transport Layer Security (SSL/TLS)
  • Java Secure Sockets Extension
  • Secure password storage techniques
  • Java Cryptography Architecture
  • Security Manager

Implement a secure software development lifecycle, including code review, static analysis and dynamic analysis techniques.

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.