Skill Up Card - Course Bundles

Pricing is per delegate, giving you huge savings over the cost of individual courses.

  • UK = £2,000 + VAT per Skill Up Card
  • Ireland = €2,400 per Skill Up Card

Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J)

Rating: 4.6 out of 5. Last updated: 14/11/2024. Language: English.


Global Schedule

GTR = Guaranteed to Run

  • 27 Jan 25, 15:00 - 23:00, Live Online, 2,359
  • 31 Mar 25, 15:00 - 23:00, Live Online, 2,359
  • 02 Jun 25, 15:00 - 23:00, Live Online, 2,359
  • 11 Aug 25, 15:00 - 23:00, Live Online, 2,359
  • 14 Oct 25, 15:00 - 23:00, Live Online, 2,359
  • 08 Dec 25, 15:00 - 23:00, Live Online, 2,359
Duration

4 Days

24 CPD hours

Overview

With a strong focus on real-world case studies and labs, this course will sharpen your ability to identify, analyze, and resolve security issues in your applications. Working in a lab-intensive, hands-on coding environment you'll:
Master the fundamentals of secure coding and understand the stages of an exploit, focusing on defensive techniques.
Establish foundational axioms for analyzing and addressing security in web applications, guiding your approach through this course and future endeavors.
Learn responsible ethical hacking methods, including defect detection, bug reporting, and ensuring all activities are executed in a safe environment.
Recognize and sidestep frequent pitfalls in vulnerability testing and bug hunting, leveraging best practices.
Gain insight into the significance of multilayered defense strategies, evaluating the effectiveness of layered defenses through hands-on testing.
Identify and handle untrusted data sources, understanding the associated risks like denial of service, cross-site scripting, and injections.
Dive deep into authentication and authorization, pinpointing vulnerabilities and learning how to fortify these crucial security areas.
Understand and counteract web-specific threats such as Cross-Site Scripting (XSS) and Injection attacks, mastering both offensive and defensive techniques.
Examine risk factors in XML processing, file and software uploads, and deserialization, along with strategies for risk mitigation.
Get acquainted with key security tools, from code scanners to web application firewalls, while also exploring server and infrastructure hardening techniques.

Description

Discover the cutting edge of cybersecurity and elevate your skills as a Java Web developer with our comprehensive Bug Hunting and Application Security course. Designed specifically for experienced Java web developers, our Java Secure Coding Camp | Attacking and Securing Java Web Applications is an immersive, hands-on training program that delves deep into the world of bug hunting, ethical hacking, and web application security. Through real-world case studies, engaging labs, and expert instruction, you'll gain the knowledge and skills needed to fortify your applications, stay ahead of emerging threats, and protect your organization from costly security breaches.
Upon completing this course, you will not only acquire a profound understanding of application security concepts and best practices but also enhance your problem-solving, debugging, and overall software development prowess. Empowered with these new skills, you'll be well-prepared to identify, address, and prevent security threats in your Java Web applications, ensuring a robust and secure digital environment for your organization.
NOTE: PCI Compliant Developer Training: This secure coding training addresses common coding vulnerabilities in software development processes. It is used by one of the principal participants in the PCI DSS and, having passed multiple PCI audits, has been shown to meet the PCI developer-training requirements. Those requirements are detailed in 6.5.1 through 6.5.7 on pages 60 through 65 of the PCI DSS Requirements 3.2.1 document. Be aware that PCI DSS v3.2.1 was retired on 31 March 2024; under PCI DSS v4.0 the corresponding requirements sit under Requirement 6.2 (6.2.2 for training of software development personnel, 6.2.4 for the classes of attack that bespoke and custom software must resist), so check the version your assessor is working to when mapping this course to an audit.

Prerequisites

Practical hands-on Java web development experience. This is a Java coding class that requires intermediate Java developer skills to complete the lab work.

1. Why Hunt Bugs

The Language of Cybersecurity
The Changing Cybersecurity Landscape
AppSec Dissection of SolarWinds
The Human Perimeter
First Axiom in Web Application Security Analysis
First Axiom in Addressing ALL Security Concerns
2. Safe and Appropriate Bug Hunting/Hacking

Warning to All Bug Hunters
Working Ethically
Respecting Privacy
Bug/Defect Notification
Bug Hunting Pitfalls
Moving Forward From Hunting Bugs

3. Removing Bugs

Open Web Application Security Project (OWASP)
OWASP Top Ten Overview
Web Application Security Consortium (WASC)
Common Weaknesses Enumeration (CWE)
CERT Secure Coding Standard
Microsoft Security Response Center
Software-Specific Threat Intelligence
Bug Stomping 101

4. Unvalidated Data

CWE-787 (Out-of-bounds Write), CWE-125 (Out-of-bounds Read), CWE-20 (Improper Input Validation), CWE-416 (Use After Free), CWE-434 (Unrestricted Upload of File with Dangerous Type), CWE-190 (Integer Overflow or Wraparound), CWE-476 (NULL Pointer Dereference) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
Potential Consequences
Defining and Defending Trust Boundaries
Rigorous, Positive Specifications
Allow Listing vs Deny Listing
Challenges: Free-Form Text, Email Addresses, and Uploaded Files
5. A01: Broken Access Control

CWE-22 (Path Traversal), CWE-352 (Cross-Site Request Forgery), CWE-862 (Missing Authorization), CWE-276 (Incorrect Default Permissions) and CWE-732 (Incorrect Permission Assignment for Critical Resource)
Elevation of Privileges
Insufficient Flow Control
Unprotected URL/Resource Access/Forceful Browsing
Metadata Manipulation (Session Cookies and JWTs)
Understanding and Defending Against CSRF
CORS Misconfiguration Issues
6. A02: Cryptographic Failures

CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
Identifying Protection Needs
Evolving Privacy Considerations
Options for Protecting Data
Transport/Message Level Security
Weak Cryptographic Processing
Keys and Key Management
NIST Recommendations
7. A03: Injection

CWE-79 (Cross-site Scripting), CWE-78 (OS Command Injection), CWE-89 (SQL Injection) and CWE-77 (Command Injection)
Pattern for All Injection Flaws
Misconceptions With SQL Injection Defenses
Drill Down on Stored Procedures
Other Forms of Server-Side Injection
Minimizing Server-Side Injection Flaws
Client-side Injection: XSS
Persistent, Reflective, and DOM-Based XSS
Best Practices for Untrusted Data
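As an added example (not part of the course materials) of the single pattern behind the injection flaws listed in sections 4 and 7: the same untrusted value reaching two different interpreters, SQL on the server and HTML in the browser. The `users` table, its column names and the JDBC URL are assumed for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example, not course material. The "users" table and its columns are
// assumed for illustration.
public class InjectionDemo {

    // VULNERABLE: untrusted input is spliced into the SQL text, so the database
    // cannot tell where the developer's query ends and the attacker's begins.
    static String buildVulnerableQuery(String username) {
        return "SELECT id, role FROM users WHERE username = '" + username + "'";
    }

    // FIXED: the SQL text is constant; the value is sent as a bound parameter and
    // is never parsed as SQL, whatever quotes or keywords it contains.
    static String lookupRole(Connection conn, String username) throws SQLException {
        String sql = "SELECT role FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("role") : null;
            }
        }
    }

    // Client-side injection (XSS): encode at the point of output, for the HTML
    // element-body and quoted-attribute contexts. JavaScript, URL and CSS contexts
    // each need their own encoder; this one is not safe for those.
    static String htmlEncode(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed attacker inputs
        String sqlPayload = "' OR '1'='1";
        String xssPayload = "<script>alert(document.cookie)</script>";

        // The concatenated query now carries an always-true WHERE clause
        System.out.println(buildVulnerableQuery(sqlPayload));
        // The encoded payload renders as literal text instead of executing
        System.out.println("<p>" + htmlEncode(xssPayload) + "</p>");

        // The parameterised lookup needs a live database: pass a JDBC URL (with the
        // driver on the classpath) as the first argument to exercise it.
        if (args.length > 0) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                System.out.println("role for payload: " + lookupRole(conn, sqlPayload));
            }
        }
    }
}
```

Run with `java InjectionDemo.java` (Java 11+). With the payload `' OR '1'='1` the concatenated query becomes `SELECT id, role FROM users WHERE username = '' OR '1'='1'`, which matches every row; the prepared statement instead searches for a user literally named `' OR '1'='1` and finds nothing. The stored-procedure point in the outline is the same rule from the other side: a procedure that assembles dynamic SQL from its arguments inside its body is exactly as injectable as the concatenation above, so "we use stored procedures" is not by itself a defence.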
8. A04: Insecure Design

Secure Software Development Processes
Shifting Left
Principles for Securing All Designs
Leveraging Common AppSec Practices and Control
Paralysis by Analysis
Actionable Application Security
Additional Tools for the Toolbox
9. A05: Security Misconfiguration

System Hardening: IA Mitigation
Risks with Internet-Connected Resources
Minimalist Configurations
Application Allow Listing
Secure Baseline
Segmentation with Containers and Cloud
CWE-611 (Improper Restriction of XML External Entity Reference)
Safe XML Processing
Bug Stomping 102
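As an added example (not part of the course materials) of the safe XML processing item above: a stock JAXP `DocumentBuilderFactory` beside one hardened against CWE-611. The XXE payload is constructed for the example; the feature names are the standard Xerces/SAX ones the JDK's built-in parser honours.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import java.io.StringReader;

// Added example, not course material: XXE-safe DOM parsing with the JDK parser.
public class SafeXmlDemo {

    // Constructed sample: the classic XXE payload, reading a local file via an
    // external general entity declared in an inline DTD.
    static final String XXE_PAYLOAD =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE order [ <!ENTITY xxe SYSTEM \"file:///etc/passwd\"> ]>\n" +
        "<order><note>&xxe;</note></order>";

    static final String BENIGN = "<order><note>hello</note></order>";

    // Default JAXP factory: DOCTYPE declarations and external entities are honoured.
    static DocumentBuilder unsafeBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened factory: refuse DOCTYPE outright (no DTD, no entity declarations),
    // then disable the remaining entity/DTD/XInclude paths as defence in depth in
    // case a different parser implementation ignores the first feature.
    static DocumentBuilder safeBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    static String parseNote(DocumentBuilder b, String xml) throws Exception {
        Document d = b.parse(new InputSource(new StringReader(xml)));
        return d.getElementsByTagName("note").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("safe/benign: " + parseNote(safeBuilder(), BENIGN));
        try {
            parseNote(safeBuilder(), XXE_PAYLOAD);
            System.out.println("safe/xxe: parsed (should not happen)");
        } catch (SAXParseException e) {
            // disallow-doctype-decl makes the parser reject the document before
            // any entity is resolved
            System.out.println("safe/xxe: rejected (" + e.getMessage() + ")");
        }
        // Pass --unsafe to see the default builder resolve the entity and place
        // the file contents inside <note>.
        if (args.length > 0 && args[0].equals("--unsafe")) {
            System.out.println("unsafe/xxe: " + parseNote(unsafeBuilder(), XXE_PAYLOAD));
        }
    }
}
```

Rejecting DOCTYPE is the single control that closes the whole class (external entities, parameter entities, the "billion laughs" expansion attack), which is why it comes first; the remaining features matter only for documents that legitimately need a DTD, and for those the parser still must not fetch anything external. The same features apply to `SAXParserFactory`, and `XMLInputFactory` (StAX) has the equivalent `IS_SUPPORTING_EXTERNAL_ENTITIES` and `SUPPORT_DTD` properties.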

10. A06: Vulnerable and Outdated Components

Problems with Vulnerable Components
Software Inventory
Managing Updates: Balancing Risk and Timeliness
Virtual Patching
Dissection of Ongoing Exploits
11. A07: Identification and Authentication Failures

CWE-306 (Missing Authentication for Critical Function), CWE-287 (Improper Authentication), CWE-798 (Use of Hard-coded Credentials) and CWE-522 (Insufficiently Protected Credentials)
Quality and Protection of Authentication Data
Anti-Automation Defenses
Multifactor Authentication
Proper Hashing of Passwords
Handling Passwords on Server Side
12. A08: Software and Data Integrity Failures

CWE-502 (Deserialization of Untrusted Data)
Software Integrity Issues and Defenses
Using Trusted Repositories
CI/CD Pipeline Issues
Protecting Software Development Resources
Serialization/Deserialization
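As an added example (not part of the course materials) of CWE-502 in Java serialization: an `ObjectInputStream` that accepts whatever the stream names beside one constrained by a `java.io.ObjectInputFilter` (Java 9+) allow list with resource limits. The `Order` type and the inputs are constructed for the example; an `ArrayList` stands in for the gadget class an attacker would actually send.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;

// Added example, not course material: deserialization with and without a filter.
public class DeserializationDemo {

    // The one application type this endpoint expects to receive
    static final class Order implements Serializable {
        private static final long serialVersionUID = 1L;
        final String sku;
        final int qty;
        Order(String sku, int qty) { this.sku = sku; this.qty = qty; }
        @Override public String toString() { return sku + " x" + qty; }
    }

    // VULNERABLE: the stream decides which classes get instantiated, so any gadget
    // chain present on the classpath is reachable from here.
    static Object readUnfiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    // FIXED: positive allow list of classes plus depth/reference/size caps; every
    // other class is rejected before its readObject() or constructor can run.
    static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "maxdepth=4;maxrefs=64;maxbytes=4096;"
                + Order.class.getName() + ";java.lang.String;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(filter);  // must precede the first readObject()
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Order("SKU-42", 3));   // constructed input
        List<String> notAnOrder = new ArrayList<>();           // stands in for a gadget
        notAnOrder.add("payload");
        byte[] unexpected = serialize(notAnOrder);

        System.out.println("unfiltered, unexpected type: " + readUnfiltered(unexpected));
        System.out.println("filtered, expected type:     " + readFiltered(expected));
        try {
            readFiltered(unexpected);
            System.out.println("filtered, unexpected type:   accepted (should not happen)");
        } catch (InvalidClassException e) {
            System.out.println("filtered, unexpected type:   rejected (" + e.getMessage() + ")");
        }
    }
}
```

The filter pattern reads left to right: limits first, then the allowed classes, then `!*` to reject everything else. A JVM-wide default can be set with the `jdk.serialFilter` system property so that streams opened by libraries you do not control are covered too, but the per-stream allow list above is the one that actually matches what a given endpoint expects. The durable fix is still to avoid native Java serialization on untrusted input altogether and use a data-only format with a schema.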
13. A09: Security Logging and Monitoring Failures

Detecting Threats and Active Attacks
Best Practices for Logging and Logs
Safe Logging in Support of Forensics
14. A10: Server Side Request Forgeries (SSRF)

CWE-918 (Server-Side Request Forgery)
Understanding SSRF
Remote Resource Access Scenarios
Complexity of Cloud Services
SSRF Defense in Depth
Positive Allow Lists
Moving Forward with Application Security
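As an added example (not part of the course materials) serving both the "positive allow lists" item here and the "allow listing vs deny listing" item in section 4: validating a user-supplied URL that the server will fetch on the user's behalf, with a positive specification of scheme, host and port, plus a second check on the resolved address. The allowed hosts and the inputs are constructed for the example; the address check needs DNS, so `main` leaves it out.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.util.Set;

// Added example, not course material: SSRF guard built as an allow list.
public class SsrfGuard {

    // Positive specification: the only destinations this feature may fetch.
    // (Constructed allow list for the example.)
    private static final Set<String> ALLOWED_HOSTS = Set.of("images.example.com", "api.example.com");
    private static final Set<String> ALLOWED_SCHEMES = Set.of("https");
    private static final int ALLOWED_PORT = 443;

    /** Returns the validated URI or throws IllegalArgumentException saying why it was rejected. */
    static URI validate(String userSupplied) {
        URI uri;
        try {
            uri = new URI(userSupplied).normalize();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("malformed URL");
        }
        String scheme = uri.getScheme();
        if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase())) {
            throw new IllegalArgumentException("scheme not allowed: " + scheme);
        }
        if (uri.getRawUserInfo() != null) {  // https://images.example.com@evil.example.net/ trick
            throw new IllegalArgumentException("userinfo not allowed");
        }
        String host = uri.getHost();         // null when the authority is not a host (or is malformed)
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase())) {
            throw new IllegalArgumentException("host not allowed: " + host);
        }
        if (uri.getPort() != -1 && uri.getPort() != ALLOWED_PORT) {
            throw new IllegalArgumentException("port not allowed: " + uri.getPort());
        }
        return uri;
    }

    // Second layer, for fetch time: even an allow-listed name must not resolve into
    // loopback, link-local (cloud metadata lives at 169.254.169.254) or private ranges.
    // Checks every address the name resolves to, not just the first.
    static void assertPublicAddress(String host) throws UnknownHostException {
        for (InetAddress a : InetAddress.getAllByName(host)) {
            if (a.isLoopbackAddress() || a.isLinkLocalAddress() || a.isSiteLocalAddress()
                    || a.isAnyLocalAddress() || a.isMulticastAddress()) {
                throw new IllegalArgumentException("resolves to non-public address: " + a.getHostAddress());
            }
        }
    }

    public static void main(String[] args) {
        String[] inputs = {                                   // constructed inputs
            "https://images.example.com/cat.png",             // allowed
            "http://images.example.com/cat.png",              // wrong scheme
            "https://169.254.169.254/latest/meta-data/",      // cloud metadata endpoint
            "https://images.example.com@evil.example.net/",   // allowed name in userinfo
            "file:///etc/passwd",                             // local file read
            "https://images.example.com:8443/admin",          // allowed host, wrong port
        };
        for (String in : inputs) {
            try {
                System.out.println("ALLOW  " + validate(in));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Two caveats a practitioner should keep in mind. `isSiteLocalAddress()` covers 10/8, 172.16/12 and 192.168/16 but not every range you may care about (100.64/10, for instance), so extend the check for your own network. And resolving the name in `assertPublicAddress` and then letting the HTTP client resolve it again leaves a DNS-rebinding window; the robust version connects to the address it checked, or runs the check inside the client's connection hook, rather than trusting a second lookup.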

15. Applications: What Next

Common Vulnerabilities and Exposures
CWE Top 25 Most Dangerous SW Errors
Strength Training: Project Teams/Developers
Strength Training: IT Organizations
16. Secure Development Lifecycle (SDL)

17. SDL Overview

Attack Phases: Offensive Actions and Defensive Controls
Secure Software Development Processes
Shifting Left
Actionable Items Moving Forward
18. SDL In Action

Risk Escalators
Risk Escalator Mitigation
SDL Phases
Actions for each SDL Phase
SDL Best Practices
Additional course details:

Nexus Humans Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training program is a workshop that presents an invigorating mix of sessions, lessons, and masterclasses meticulously crafted to propel your learning expedition forward.

This immersive bootcamp-style experience boasts interactive lectures, hands-on labs, and collaborative hackathons, all strategically designed to fortify fundamental concepts.

Guided by seasoned coaches, each session offers valuable insights and practical skills crucial for honing your expertise. Whether you are new to application security or a seasoned professional, this comprehensive course ensures you're equipped with the knowledge and skills necessary for success.

While we feel this is the best course for attacking and securing Java / Jakarta EE web applications and one of our Top 10, we encourage you to read the course outline to make sure it is the right content for you.

Additionally, private sessions, closed classes or dedicated events are available both live online and at our training centres in Dublin and London, as well as at your offices anywhere in the UK, Ireland or across EMEA.

FAQ for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) Course

Available Delivery Options for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training.
  • Live Instructor Led Classroom Online (Live Online)
  • Traditional Instructor Led Classroom (TILT/ILT)
  • Delivery at your offices in London or anywhere in the UK
  • Private dedicated course scheduled to suit your staff.
How many CPD hours does the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training provide?

The 4-day Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training course gives you up to 24 CPD hours/structured learning hours. If you need a letter or certificate in a particular format for your association, organisation or professional body please just ask.

Which exam does the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training course prepare you for?

The Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) is a hands-on workshop and is not tied to a specific named exam. Where an exam is required, you can take it at any exam centre across the UK including England, Scotland, Cymru (Wales) or Northern Ireland, or live online wherever you are. Exams vary in duration and, if required, you can request from the provider any accommodations appropriate for you.

What is the correct audience for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training?

This is an intermediate level Java programming course, designed for experienced Java Web developers, software engineers, and architects who are seeking to enhance their knowledge and skills in application security, bug hunting, and secure software development. The course would also be well-suited for IT professionals, such as security analysts, security engineers, and DevOps team members, who are responsible for ensuring the security and integrity of web applications in their organizations.

Do you provide training for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J).

Yes, we provide corporate training, dedicated training and closed classes for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J). This can take place anywhere in the UK including England, Scotland, Cymru (Wales) or Northern Ireland, or live online, allowing you to have your teams from across the UK or further afield attend a single training event, saving travel and delivery expenses.

What is the duration of the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) program.

The Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training takes place over 4 days, with each day lasting approximately 8 hours including short breaks and lunch, to ensure that delegates get the most out of the day.

What other terms do people search for when looking for this course?

Popular related searches include Java, JEE and Application Security.

Why are Nexus Human the best provider for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J)?
Nexus Human are recognised as one of the best training companies: they and their trainers have won and hold many awards and titles, including the Small Firms Best Trainer award, National Training Partner of the Year for the UK on multiple occasions, and trainers in the global top 30 instructor awards in 2012, 2019 and 2021. Nexus Human has also been nominated for the Tech Excellence awards multiple times and was a Learning Performance Institute (LPI) external training provider sponsor in 2024.
Is there a discount code for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training.

Yes, the discount code PENPAL5 is currently available for the Java EE Secure Coding Camp | Attacking & Securing Java / Jakarta JEE Web Applications (TT8320-J) training. Other discount codes may also be available but only one discount code or special offer can be used for each booking. This discount code is available for companies and individuals.


Training Insurance Included!

When you organise training, we understand that there is a risk that some people may fall ill or become unavailable. To mitigate this risk we include training insurance for each delegate enrolled on our public schedule: if the case arises, they are welcome to sit the same public class within 6 months at no charge.
