Description
This course reveals key concepts, principles, and approaches that are used to design applications where security is a first-class quality attribute. Upon completion, you’ll have a thorough understanding of security principles that you can apply to your project.
Key concepts covered in this course
- Security design principles (e.g. least privilege, defense in depth, minimization, compartmentalization, simplicity, fail securely, etc.)
- OAuth 2.0 grant types
- Implicit Flow
- Password Grant
- Client Credentials
- Authorization Code
- Refresh/access tokens
- APIs (micro)services security
- Token introspection
- JSON Web Key Set (JWKS)
- Permissions based access control
- JWT vulnerabilities (e.g. “alg”: “none”)
- Java process security
- Input data sanitization techniques
- Dealing with input files from external sources
- Whitelisting vs. blacklisting approach
- Efficient logging patterns
- Randomly generated numbers
- Java serialization
- JVM Security Manager
- Mitigating attacks
- SQL injection
- XML external entity
- DoS via input data
- Docker containers security
Duration
- 12 hours
Target Audience
- Java developers
- application security geeks
- technical leaders
- software architects
Enroll
Note: This course is currently available only for companies, teams, or groups of students. An individual (single-person) subscription is not an option at the moment.