Security ISEC203: Java Secure Coding Practice

COURSE OVERVIEW
The Java platform provides a number of features designed to improve the security of Java applications. These include runtime constraints enforced by the Java Virtual Machine (JVM), a security manager that sandboxes untrusted code from the rest of the operating system, and a suite of security APIs that Java developers can use. Despite this, criticism has been directed at the programming language and at Oracle because of an increase in malicious programs that revealed security vulnerabilities in the JVM, which Oracle subsequently did not address in a timely manner. This is a four-day, in-depth course that covers best practices in Java security for designers, developers and testers.

COURSE MATERIAL
Soft Copy and Online reference
DAY 1
HTTP/HTTPS PROTOCOL BASICS
UNDERSTANDING WEB APPLICATION ARCHITECTURES
LAB SETUP AND TOOLS OF THE TRADE
CONVERTING YOUR BROWSER INTO AN ATTACK PLATFORM
TRAFFIC INTERCEPTION AND MODIFICATION USING PROXIES
JAVA LANGUAGE BASICS REVISION
WEB APPLICATION ATTACKS – DEEP DIVE
WEB APPLICATION PROXIES
INPUT VALIDATION
OUTPUT ENCODING
BLACKLISTING AND WHITELISTING
VALIDATION TECHNIQUES
REGULAR EXPRESSIONS
SERVLET FILTERS
CONTENT SECURITY POLICY
PREPARED STATEMENTS
CSRF DEFENSE
DAY 2

AUTHENTICATION FACTORS
AUTHENTICATION ATTACKS
JAVA EE AUTHENTICATION
BASIC AUTHENTICATION
FORM-BASED AUTHENTICATION
CLIENT CERTIFICATES
USING SSL
SECURE PASSWORD STORAGE
AUTHORIZATION
WEB AND ENTERPRISE JAVABEAN ACCESS CONTROL
AUTHORIZATION ATTACKS
ACCESS CONTROL BYPASS
UNVALIDATED FORWARDS AND REDIRECTS
STATE MANAGEMENT ATTACKS
SESSION HIJACKING
SESSION FIXATION
CLICKJACKING
USING X-FRAME-OPTIONS

JAVA SECURITY MANAGER
PERMISSIONS
POLICY FILE
JAR SIGNING
CLASS SECURITY
ERROR HANDLING
EXCEPTIONS
USING TRY/CATCH/FINALLY
LOGGING
LOGGING FRAMEWORKS
ESAPI LOGGING
ENCRYPTION
JAVA SECURE SOCKETS EXTENSION (JSSE)
JAVA CRYPTOGRAPHY ARCHITECTURE (JCA)
INTEGER AND DOUBLE OVERFLOWS
THREAD SAFETY
RACE CONDITIONS
REST SECURITY
OAUTH

SECURITY AND THE SDLC
CONDUCTING A SECURE CODE REVIEW
MANUAL CODE REVIEW
USING A STATIC ANALYSIS TOOL
USING FINDBUGS
INTEGRATING CODE REVIEW INTO THE SDLC
SECURITY TESTING
EXPLOITING XSS, CSRF, AND SQL INJECTION
SECURE CODING
FIXING WEAKNESSES IN A RUNNING APPLICATION