Programming is the last line of defense against attacks targeting an organization’s systems. This course aims to expose security flaws in Java code and teach students how to implement security countermeasures in different areas of the software-development lifecycle. Using the programming techniques and best practices shown in this course, participants will be able to produce high-quality code that stands up to the most recurring attacks and improve the overall quality of their products and applications.

  • Experienced Android
  • Experienced iOS developers

Before attending this course, students should be familiar with:

  • Java Runtime Environment (JRE)
  • Web application development
  • Databases & SQL language

40 Hours

Cyber Security


Certificate: No

Price: contact us for more details


Objectives

  • Acquainting students with security concepts and terminology relevant to the development
  • Providing participants with a solid foundation for secure development in
  • Exercising the best practices learnt during the course in the real-life development

Contents

Module 1: Introduction to cyber security

  • Becoming familiar with the world of cyber security
  • Data statistics and examples of security risks
  • Definitions of information security
  • Understanding the difference between: Attack (zero-day, one-day), Daisy chaining, Doxing, Bot, Vulnerability, Exploitation and payload
  • Hacker classifications
  • Threat classifications
  • Security during the development lifecycle
  • Social engineering & other information-gathering techniques

 

Module 2: Introduction to Java Security

  • Java security overview
  • Application security in Java
  • JRE & JVM
  • Network vs. application level attacks
  • Security mechanisms
  • Input validation vulnerabilities

 

Module 3: Web Security

  • HTTP protocol in depth
  • OWASP Top 10 Web Application Attacks
  • Input validation & sanitization
  • Broken access control
  • Broken account/session management
  • XSS (Self, DOM, Reflected & Stored)
  • Sensitive data exposure
  • DDoS
  • Insecure configuration management

 

Module 4: Java Secure Coding

  • Java input validation
  • Authentication and authorization
  • Secure file management
  • Secure session management
  • Anti-automation
  • Error handling problems
  • Obfuscation
  • Debugging tools and methods & anti-debugging

 

Module 5: Cryptography

  • Cryptography overview
  • Symmetric encryption
  • Asymmetric encryption
  • Hash algorithms
  • Digital signing
  • Password-derived keys
  • PKI & certificates
  • Secure authentication
  • Implementing cryptography in Java

 

Module 6: Database security

  • Most popular RDBMS engines overview
  • SQL injections
  • DB Permissions
  • Data limitations
  • Prepared statements
  • Stored procedures
  • Views

 

Module 7: SDL – Secure Development Lifecycle

  • Assessment stage
  • Strategy stage
  • Roadmap stage
  • Implementation stage

 

Module 8: Methodologies

  • The twelve commandments of secure coding
  • Delivery from development to production rules