Description
In today’s rapidly evolving digital landscape, security is not just an optional consideration – it is a necessity. Every Java developer must incorporate security by design, ensuring that every line of code contributes to the overall security posture of the application. “Application Security for Java Developers” is a comprehensive course crafted to transform how you approach coding, equipping you with the essential skills and knowledge to make security a first-class quality attribute in your software development process.
This course dives deep into the core principles of security, unraveling the complexities of designing robust, secure applications. You will explore a wide array of security concepts, from foundational principles to advanced security mechanisms and techniques. By the end of this course, you will have a profound understanding of security principles and practices, empowering you to implement them effectively in your Java projects.
What You Will Learn
Throughout this course, you will master the essential security design principles such as least privilege and defense in depth, and learn how to apply them in real-world scenarios. You’ll delve into Java process security, covering critical topics like input validation, security logging, and managing CSP and CORS. The course also offers a thorough understanding of modern authentication and authorization mechanisms, including OAuth 2.0, and securing APIs and microservices with token introspection and JWKS. Additionally, you’ll gain practical skills to mitigate common attacks like SQL injection and XSS, and explore comprehensive security testing methods such as SAST, DAST, and SCA. Finally, you will learn best practices for securing Docker containers, ensuring your containerized applications remain robust and secure.
Agenda
Security Design Principles
- Least privilege
- Defense in depth
- Fail securely
- Compartmentalization
Authentication and Authorization
- OAuth 2.0 Grant Types
- Password Flow
- Client Credentials Flow
- Authorization Code Flow
- Authorization Code Flow with Proof Key for Code Exchange (PKCE)
- Implicit Flow
- Refresh/Access Tokens
API and Microservices Security
- Token introspection
- JSON Web Key Set (JWKS)
- Permissions-based access control
Java Process Security
- Input data validation and sanitization techniques
- Security logging best practices
- Content Security Policy (CSP)
- Cross-Origin Resource Sharing (CORS)
- Serialization/Deserialization
- Handling input files from external sources
Mitigating Common Attacks
- SQL injection
- Cross-Site Scripting (XSS) attacks
Security Testing
- Software Composition Analysis (SCA)
- Static Application Security Testing (SAST)
- Dynamic Application Security Testing (DAST)
Docker Container Security
Duration
- 12 hours
Target Audience
- Java developers of all levels who are committed to writing secure code
- Technical leaders
- Software architects
People from the following companies attended my courses:
Enroll
Note: At the moment this course is available only for companies, teams, or groups of students. The individual subscription (i.e. single person) is not an option at the moment.