Application Security for Java Developers Course

Security by design is a fundamental approach: every Java developer should consider it implicitly while writing any piece of code, whether or not security is listed as an explicit quality attribute of the project.

This course reveals key concepts, principles, and approaches that are used to design applications where security is a first-class quality attribute. Upon completion, you’ll have a thorough understanding of security principles that you can apply to your project.

Key concepts covered in this course

  • Security design principles (e.g. least privilege, defense in depth, minimization, compartmentalization, simplicity, fail securely, etc.)
  • OAuth 2.0 grant types
    • Implicit Flow
    • Password Grant
    • Client Credentials
    • Authorization Code
  • Refresh/access tokens
  • API and (micro)service security
    • Token introspection
    • JSON Web Key Set (JWKS)
    • Permission-based access control
    • JWT vulnerabilities (e.g. "alg": "none")
  • Java process security
    • Input data sanitization techniques
    • Dealing with input files from external sources
    • Whitelisting (allow list) vs. blacklisting (deny list) approach
    • Efficient logging patterns
    • Randomly generated numbers
    • Java serialization
    • JVM Security Manager
  • Mitigating attacks
    • SQL injection
    • XML external entity (XXE) injection
    • DoS via malicious input data
  • Docker containers security
Duration

  • 12 hours


Target Audience

  • Java developers
  • application security geeks
  • technical leaders
  • software architects

Note: At the moment this course is available only for companies, teams, or groups of students. An individual subscription (i.e. for a single person) is not currently an option.