Secure Developer Java (Inc OWASP) Training Course
This course explores secure coding concepts and principles for Java, utilizing the Open Web Application Security Project (OWASP) testing methodology. OWASP is a global online community dedicated to producing freely available articles, methodologies, documentation, tools, and technologies aimed at enhancing web application security.
This course is available as onsite live training in Bulgaria or online live training.Course Outline
- Understand web threats and attack vectors.
- Grasp secure design principles.
- Comprehend the OWASP Top 10 vulnerabilities.
- Analyze authentication and authorization challenges.
- Learn techniques to prevent Cross-Site Scripting (XSS).
- Master strategies to prevent Cross-Site Request Forgery (CSRF).
- Understand the secure development lifecycle.
- Know how to mitigate injection attacks.
- Explore security protections in JDBC and JPA.
- Study penetration testing methodologies.
- Learn how to secure Java applications.
Requirements
- Proficiency in Java.
- Experience in developing web applications.
Open Training Courses require 5+ participants.
Secure Developer Java (Inc OWASP) Training Course - Booking
Secure Developer Java (Inc OWASP) Training Course - Enquiry
Secure Developer Java (Inc OWASP) - Consultancy Enquiry
Testimonials (3)
The topic is current and I needed to be updated
Damilano Marco - SIAP s.r.l.
Course - Secure Developer Java (Inc OWASP)
It was quite comprehensive, the information was clear and succinct.
Sebastian-Daniel - BRD
Course - Secure Developer Java (Inc OWASP)
Multiple examples for each module and great knowledge of the trainer.
Sebastian - BRD
Course - Secure Developer Java (Inc OWASP)
Upcoming Courses
Related Courses
Network Security and Secure Communication
21 HoursBuilding a secure networked application presents challenges even for developers familiar with cryptographic building blocks like encryption and digital signatures. To help participants grasp the role and application of these primitives, the course begins by establishing a strong foundation in the core requirements of secure communication—specifically secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also highlights common threats to these requirements alongside practical, real-world solutions.
Given that cryptography is central to network security, the curriculum covers key algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than focusing on complex mathematics, these topics are explored from a developer's perspective, featuring typical use-case examples and practical considerations such as the implementation of public key infrastructures. The course introduces security protocols used across various domains of secure communication, with a detailed examination of widely adopted protocol families like IPSEC and SSL/TLS.
Typical cryptographic vulnerabilities are examined, covering both specific algorithms and protocols. Topics include the BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, and POODLE attacks, as well as the RSA timing attack. For each issue, the practical implications and potential consequences are described without delving into deep mathematical theory.
Finally, since XML technology is pivotal for data exchange in networked applications, the course addresses XML security. This includes the use of XML in web services and SOAP messages, along with protective measures like XML signature and XML encryption. It also covers weaknesses in these protection mechanisms and XML-specific security issues, such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.
Participants attending this course will
- Understand fundamental concepts of security, IT security, and secure coding
- Comprehend the requirements of secure communication
- Learn about network attacks and defenses across different OSI layers
- Gain practical knowledge of cryptography
- Understand essential security protocols
- Recognize recent attacks targeting cryptosystems
- Learn about relevant recent vulnerabilities
- Understand security concepts in Web services
- Access sources and further reading on secure coding practices
Audience
Developers, Professionals
C/C++ Secure Coding
21 HoursDeveloping secure C and C++ code demands rigorous defenses against malicious exploitation, memory corruption, and input validation bypasses. This course explores vulnerability patterns such as buffer overflows, use-after-free errors, integer overflows, and type confusion. Participants will apply secure coding guidelines, static analysis tools, and defensive programming techniques to eliminate weaknesses, enforce input sanitization, and deliver hardened software resilient against cyberattacks.
Advanced Java Security
21 HoursEven seasoned Java developers often lack a comprehensive grasp of the security services provided by Java and the various vulnerabilities that affect web applications built with it.
This course not only introduces the security components of the Standard Java Edition but also addresses security concerns within Java Enterprise Edition (JEE) and web services. The discussion begins with the fundamentals of cryptography and secure communication before diving into specific services. Various exercises cover both declarative and programmatic security techniques in JEE, as well as transport-layer and end-to-end security for web services. Participants engage in practical exercises to explore and apply the discussed APIs and tools firsthand.
The course also examines and explains the most common and severe programming flaws in the Java language and platform, along with web-related vulnerabilities. Beyond typical bugs made by Java programmers, the security vulnerabilities covered include language-specific issues and problems arising from the runtime environment. All vulnerabilities and associated attacks are demonstrated through accessible exercises, followed by recommended coding guidelines and mitigation techniques.
Participants attending this course will
- Comprehend the core concepts of security, IT security, and secure coding.
- Learn about web vulnerabilities beyond the OWASP Top Ten and understand how to avoid them.
- Understand the security concepts underlying web services.
- Learn to utilize various security features within the Java development environment.
- Gain a practical understanding of cryptography.
- Understand the security solutions offered by Java EE.
- Learn about typical coding mistakes and how to prevent them.
- Gain insights into recent vulnerabilities within the Java framework.
- Acquire practical knowledge in using security testing tools.
- Access resources and further readings on secure coding practices.
Audience
Developers
Groovy Programming
21 HoursApache Groovy is a dynamic programming language for the JVM (Java Virtual Machine). Its key features encompass scripting capabilities, Domain-Specific Language creation, runtime and compile-time meta-programming, and support for functional programming. Groovy is frequently utilized as a complementary tool to Java.
In this instructor-led live training, participants will gain hands-on experience programming in Groovy by building a sample application step-by-step.
Audience
- Software Developers
Course Format
- A blend of lectures, interactive discussions, exercises, and extensive practical training
Groovy Programming for Beginners
14 HoursThis instructor-led, live training in Bulgaria (online or onsite) is aimed at beginner-level developers who wish to learn the basics of Groovy Programming.
By the end of this training, participants will be able to:
- Understand the basic programming concepts.
- Write simple Groovy scripts and utilize Groovy core features.
- Understand and apply basic principles of object-oriented programming using Groovy.
- Learn basic error-handling techniques to manage common programming errors and exceptions in Groovy.
Java Microservices
21 HoursThis instructor-led, live training in Bulgaria (online or onsite) targets intermediate-level Java developers who want to design, develop, deploy, and maintain microservices-based applications using Java frameworks like Spring Boot and Spring Cloud.
By the end of this training, participants will be able to:
- Grasp the principles and advantages of microservices architecture.
- Construct and deploy microservices utilizing Java and Spring Boot.
- Implement service discovery, configuration management, and API gateways.
- Secure, monitor, and scale microservices efficiently.
- Deploy microservices using Docker and Kubernetes.
Building Microservices with Spring Boot, Docker, and Kubernetes
21 HoursThis instructor-led, live training in Bulgaria (available online or onsite) is tailored for intermediate to advanced developers seeking to master the development of microservices using Spring Boot, Docker, and Kubernetes.
By the end of this training, participants will be able to:
- Comprehend microservices architecture principles.
- Build production-ready microservices using Spring Boot.
- Understand the critical role of Docker in containerizing microservices.
- Configure Kubernetes clusters to deploy and orchestrate microservices.
Quarkus for Developers
14 HoursThis instructor-led live training in Bulgaria (online or onsite) is aimed at developers who wish to use Quarkus to build, test, and deploy applications, fully-powered with Java, but with less resource utilization.
By the end of this training, participants will be able to:
- Set up the necessary development environment to start developing applications with Quarkus.
- Build, compile, and run applications in native mode using GraalVM.
- Utilize Quarkus tooling and extensions for building native applications using Maven.
- Containerize, execute, and deploy applications with Docker.
Quarkus for Java Native and Microservice Development
40 HoursThis instructor-led, live training in Bulgaria (online or onsite) is aimed at intermediate-level to advanced-level developers and architects who wish to develop Java native applications and microservices using Quarkus with optimized memory usage and startup time.
By the end of this training, participants will be able to:
- Develop high-performance, lightweight Java native applications using Quarkus.
- Build and deploy RESTful services and microservices architectures.
- Use GraalVM for native compilation and optimize startup and memory efficiency.
- Package and containerize applications for Kubernetes and OpenShift environments.
RabbitMQ with Java and Spring
14 HoursThis instructor-led, live training in Bulgaria (online or onsite) is targeted at software architects and web developers who intend to utilize RabbitMQ as middleware for messaging and program in Java using Spring to develop robust applications.
Upon completion of this training, participants will be capable of:
- Building applications using Java, Spring, and RabbitMQ.
- Designing asynchronous, message-driven systems with RabbitMQ.
- Creating and implementing queues, topics, exchanges, and bindings within RabbitMQ.
Spring Boot, React, and Redux
14 HoursThis instructor-led, live training in Bulgaria (online or on-site) is designed for web developers who wish to build functional front-end and back-end web applications using Spring Boot, React, and Redux.
By the end of this training, participants will be able to:
- Build a front-end application with React and Redux.
- Create RESTful APIs with Spring Boot.
- Secure web services with Spring security and JWT web tokens.
Spring 5
21 HoursThis instructor-led live training in Bulgaria (online or onsite) is designed for Java developers who wish to use the Spring 5 framework to develop and deploy enterprise web applications.
By the end of this training, participants will be able to:
- Install and configure Spring 5.
- Understand and implement Spring 5's latest features.
- Access databases with Spring Application.
- Use the new reactive web framework, WebFlux, to make an application reactive.
- Integrate a Spring application with legacy Java EE applications.
- Test and deploy an enterprise-grade Spring application.
Spring Basics with Spring Boot 3.5.5 and Java 21
14 HoursSpring is a robust Java framework that streamlines enterprise application development by offering powerful dependency injection, a modular architecture, and simplified configuration options.
This instructor-led live training (available online or onsite) is designed for beginner-level Java developers who aim to create modern, production-ready web applications using the latest versions of the Spring Framework, Spring Boot 3.5.5, and Java 21.
Upon completing this training, participants will be able to:
- Grasp Spring’s core principles, including Inversion of Control (IoC), Dependency Injection (DI), and Aspect-Oriented Programming (AOP).
- Configure Spring applications using XML, annotations, and JavaConfig.
- Develop RESTful services leveraging Spring Boot and JPA.
- Implement CRUD operations, manage transactions, and handle data persistence.
- Utilize advanced Spring features such as profiles, exception handling, and data serialization.
Course Format
- A concise theoretical overview followed by extensive practical exercises.
- Hands-on implementation based on real-world examples.
- Interactive discussions and guided troubleshooting sessions.
Customization Options
- To arrange a customized training for this course, please contact us.
Spring WebFlux: Reactive Programming for Scalable Web Applications
35 HoursSpring WebFlux is a reactive programming module within the Spring Framework designed for building non-blocking, event-driven web applications.
This instructor-led, live training (online or onsite) is aimed at beginner-level to intermediate-level Java developers who wish to build scalable and responsive applications using Spring WebFlux.
By the end of this training, participants will be able to:
- Understand the fundamentals of reactive programming with Project Reactor.
- Build and test non-blocking RESTful APIs using Spring WebFlux.
- Integrate WebFlux with databases and external services.
- Apply reactive patterns to real-world application scenarios.
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to arrange.
Spring Webflux
14 HoursThis instructor-led, live training in Bulgaria (online or onsite) is aimed at developers who wish to use WebFlux to develop and deploy reactive applications.
By the end of this training, participants will be able to:
- Install and configure Spring 5 and the WebFlux framework.
- Develop reactive application and services.