SI Secure


Creating Secure Code - Java Web Applications e-Learning

This e-Learning course targets development teams working on Java Web applications and helps them define and code more secure applications as they learn at their own pace. As a result, organizations can keep their training costs down while improving the speed and quality of secure software development.



Protecting the “Crown Jewels”

Don’t be an accomplice to a Web attack. Learn how to avoid common pitfalls of the Java programming environment and reduce your application’s attack surface.

This e-Learning course comprises 13 modules, each containing a main lesson component followed by either a lab or special topic section related to a particular secure coding principle. The main lesson guides students through the concepts underlying the coding principles and illustrates real-world best practices and techniques. The labs allow students to test what they have learned.

General topics covered:

  • Overview of Java Web Security: Discover attacker techniques and pitfalls of Java web security controls and programming constructs

  • Known Java Web vulnerabilities: Understand common mistakes and identify vulnerabilities, including improperly implemented SSL and cryptography

  • Java Web Coding Best Practices: Learn defensive principles and techniques for quickly identifying application risks

 

Web-browser-based system with full start/stop functionality. The course features 13 best practices, each containing labs and simulations to present the content, and a collection of quizzes to gauge what students have learned along the way.

Developers can focus on specific objectives and can refer to the course repeatedly while conducting specific security activities.

Special topic sections provide an opportunity to uncover additional concepts related to a particular coding principle.

Principles are focused on conducting specific development activities like performing input and output validation or following auditing and logging procedures.

Best practices that can be used as a checklist for developers are offered at the end of each module.

Specific Modules

  • Coding Principle 1 - Perform Input Validation

  • Coding Principle 2 - Perform Output Validation

  • Coding Principle 3 - Err and Fail Securely

  • Coding Principle 4 - Practice Defense in Depth

  • Coding Principle 5 - Handle Sensitive Data with Care

  • Coding Principle 6 - Compartmentalize Users, Data, and Processes

  • Coding Principle 7 - Follow the Account Management Policy in Place

  • Coding Principle 8 - Follow the Audit and Logging Procedure in Place

  • Coding Principle 9 - Implement the Principle of Least Privilege

  • Coding Principle 10 - Keep an Open and Simple Design

  • Coding Principle 11 - Limit the Number of Entry Points to Your Application

  • Coding Principle 12 - Do Not Reinvent the Wheel

  • Coding Principle 13 - Do Not Reveal Too Much Information  

For more information, please contact Sales at +1.978.694.1008 x24 or email

 
