
Secure Java Web Application Development Lifecycle-SDL (TT8325-J)

Vendor# TT8325-J

GK# 1107

Course Overview

In this course, you will learn how to engineer, maintain, and support secure JEE-based web applications. In addition to teaching basic secure programming skills, this course examines sound processes and practices that apply to the entire software development lifecycle. You will learn best practices for defensively coding web applications, including XML processing, rich interfaces, and both RESTful and SOAP-based web services. Students will repeatedly attack and then defend various assets associated with fully functional web applications and web services. Although this edition of the course is Java-specific, it may also be presented using .Net or other programming languages.

PCI Compliant Developer Training: Version 3.0 of the Payment Card Information Data Security Standard (PCI-DSS) and the Payment Application Data Security Standard (PA-DSS) have placed an increased emphasis on information security training and awareness. This class can help meet the annual training requirements for your developers and vendors. This secure coding training addresses common coding vulnerabilities in software development processes. This training is used by one of the principal participants in the PCI DSS. Having passed multiple PCI audits, this course has been shown to meet the PCI requirements. The specification of those training requirements is detailed in 6.5.1 through 6.5.10 on pages 55 through 59 of the PCI DSS Requirements 3.0 document dated November 2013.

Delivery Format Options

  • Virtual Classroom Live

    Experience expert-led online training from the convenience of your home, office or anywhere with an Internet connection.


    $3515 CAD

    5 day

  • Private Group Training

    Train your entire team in a private, coordinated professional development session at the location of your choice.

    Receive private training for teams online and in-person.

Request a date or location for this course.

What You'll Learn

  • Potential sources for untrusted data
  • Consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections
  • Test web applications with various attack techniques to determine the existence of and effectiveness of layered defenses
  • Prevent and defend the many potential vulnerabilities associated with untrusted data
  • Vulnerabilities associated with authentication and authorization
  • Detect, attack, and implement defenses for authentication and authorization functionality and services
  • Dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks
  • Detect, attack, and implement defenses against XSS and Injection attacks
  • Concepts and terminology behind defensive, secure coding
  • Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against assets
  • Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java-based web applications
  • Design and develop strong, robust authentication and authorization implementations within the context of JEE
  • Fundamentals of XML Digital Signature and XML Encryption as well as how they are used within the web services arena
  • Detect, attack, and implement defenses for both RESTful and SOAP-based web services and functionality
  • Techniques and measures that can be used to harden web and application servers as well as other components in your infrastructure
  • Implement the processes and measures associated with Secure Software Development (SSD)
  • Skills, tools, and best practices for design and code reviews as well as testing initiatives
  • Basics of security testing and planning
  • Work through a comprehensive testing plan for recognized vulnerabilities and weaknesses


Prerequisites

  • Familiarity with Java and JEE
  • Programming experience is highly recommended
  • At least six months of Java and JEE working knowledge
  • A working knowledge in the following topics or attend one of these courses as a prerequisite:

Who Needs To Attend

Developers who wish to develop secure applications
