The Secure JEE Web Application Development Seminar is an intense JEE security
training workshop/seminar essential for web developers who need to produce
secure web applications, integrating security measures into the development
process from requirements to deployment and maintenance. This course explores
well beyond basic programming skills, teaching you sound processes and practices
to apply to the entire software development lifecycle. Perhaps just as
significantly, you will learn about current, real examples that illustrate the
potential consequences of not following these best practices. This course is
short on theory and long on application, providing you with in-depth, code-level
demonstrations and walkthroughs.
In this course, you will learn best practices for defensively coding JEE web
applications, including XML processing and web services. Demonstrations
repeatedly attack and then defend various assets associated with a
fully-functional web application. This approach illustrates the mechanics of how
to secure JEE web applications in the most practical of terms.
Security experts agree that the least effective approach to security is
"penetrate and patch". It is far more effective to "bake" security
into an application throughout its lifecycle. After examining a poorly designed
(from a security perspective) web application, you will be ready to learn how to
build secure web applications starting at project inception. The final portion
of this course builds on the previously learned mechanics for building defenses
by exploring how design and analysis can be used to build stronger applications
from the beginning of the software lifecycle. You will leave the course armed
with the skills required to recognize actual and potential software
vulnerabilities, implement defenses for those vulnerabilities, and test those
defenses for sufficiency.
A key component to our Best Defense IT Security Training Series, this
workshop is a companion course with several developer-oriented courses and
seminars. Although this edition of the course is Java-specific, it can also be
presented using .Net or other programming languages.