Tag: security

Description

Security by design is a fundamental approach, nowadays every Java developer should implicitly consider it while writing any piece of code, even though it might or might not be an explicit quality attribute.

This course reveals key concepts, principles, and approaches that are used to design applications where security is a first-class quality attribute. Upon completion, you’ll have a thorough understanding of security principles that you can apply to your project.

Key concepts covered in this course

  • Security design principles (e.g. least privilege, defense in depth, minimization, compartmentalization, simplicity, fail securely, etc)
  • OAuth 2.0 grant types
    • Implicit Flow
    • Password Grant
    • Client Credentials
    • Authorization Code
  • Refresh/access tokens
  • APIs (micro)services security
    • Token introspection
    • JSON Web Key Set (JWKS)
    • Permissions based access control
    • JWT vulnerabilities (e.g. “alg”: “none”)
  • Java process security
    • Input data sanitization techniques
    • Dealing with input files from external sources
    • Whitelisting vs. blacklisting approach
    • Efficient logging patterns
    • Randomly generated numbers
    • Java serialization
    • JVM Security Manager
  • Mitigating attacks
    • SQL injection
    • XML external entity
    • DoS via input data
  • Docker containers security

 

Duration

  • 12 hours

 

Target Audience

  • Java developers
  • application security geeks
  • technical leaders
  • software architects

 

People from the following companies attended my courses:

 

Enroll

Note: At the moment this course is available only for companies, teams, or groups of students. The individual subscription (i.e. single person) is not an option at the moment.

 

Description

  • The course introduces the main concepts and context of software architecture. Participants will learn about practices such as essential requirements identification, architectural design, architectural documentation, and architecture analysis.
  • It provides a clear understanding of the main aspects of being a software architect, as well as different types of architects (e.g. enterprise, solution, software, and system).
  • It reveals a structured way of collecting and documenting the business requirements with an architectural impact (i.e. non-functional requirements) to be quantifiable, measurable, and testable.
  • It includes various design techniques in light of the Quality Attributes which help to create software architecture.
  • It teaches you how to create proper and structured architectural documentation, in compliance with its purpose and beneficiaries (i.e. users).
  • Evaluating software architecture should be part of each project, hence we will discuss different techniques that might help you to mitigate the architectural risk.
  • It gives a recipe to conduct a healthy evaluation across different frameworks and libraries which might fit the project, to pick up the most suitable and appropriate based on the environmental context.
  • The course is a blend of lectures, individual and team exercises, and interactive workshops.

 

Agenda

  • Main architectural concepts (e.g. what is a software architecture, the contexts of software architecture, the architecture influence cycle, etc.). The duties, skills, and knowledge of a software architect
  • Stakeholders, Business Goals and Quality Attributes (e.g. scalability, performance, security, availability, modifiability) in lights of architectural tactics
  • Designing software architecture
  • Documenting the software architecture via viewpoint-based approach and architectural views (how to structure the architectural description)
  • Evaluation of the software architecture involving different types of stakeholders
  • Technologies and frameworks from an architectural perspective (what they mean and how to properly choose them)

 

Duration

  • 16 hours

 

Target Audience

  • software developers
  • technical leaders
  • software/solution architects
  • test engineers
  • business analysts with a technical background or passionate about technology

 

Attendees’ Feedback

I liked the structure of the course, the fact that we applied the concepts we learned by following a methodology creating an architecture starting from the requirements.
The course helped me understand the architectural concepts and the role of an architect.
The course helped me to learn the terminology better, by doing exercises, also with book recommendations, describing architectural tactics and generic patterns.
I was clarified regarding the diagrams (views and viewpoints) and regarding the applicability of some quality attributes.
The trainer is a true professional. He explained everything in detail as best as he could.
I think that diagrams are most useful. I think that they should be implemented for every project and presented to developers when they see a project for the first time, as it is easier to imagine and understand how a project works.

 

People from the following companies attended my courses:

 

Enroll

Note: At the moment this course is available only for companies, teams, or groups of students. The individual subscription (i.e. single person) is not an option at the moment.

 

I am an independent Technical Trainer, Software Architect, and Security Champion.

I speak at software development conferences and meetups around the world, delivering presentations, training courses, and workshops.

Please contact me if you are interested in conducting any software architecture, Java performance, or security course or workshop for your team or your company.

 

Professional Figures

       15  years of experience

     31+  articles, blog posts

     34+  conferences talks

         8  years of training

     70+  training sessions

   850+  trainees

 1200+  hours of training

     10+  training clients

         4  training countries

 

At Work

 

Contact

 

 

Social Media