Java Security

Java Security Course Content

Java SE Security
  • Holistic Security Practices
  • Threats to the User
  • The Class Loader & Bytecode Verifier
  • System Classes & the Core API
  • SecurityManager & AccessController
  • Permissions
  • Implication
  • CodeSources
  • Policies
  • Configuring the Java SE Security
  • Dynamic Policies
  • Privileged Actions
Code Signature & Key Management
  • Encryption & Digital Signature
  • Keystores
  • Keys & Certificates
  • Certificate Authorities
  • The KeyStore API
  • Signing JARs
  • Signed CodeSources
  • Additional Policy Semantics
Secure Development Practices: Java SE
  • Code Injection
  • Final Classes & Methods
  • Singletons, Factories & Flyweights
  • Methods, Collections & Data Hiding
  • Sealing JARs
  • Code Obfuscation
  • Object Serialization
Cryptography
  • Threats to Identity & Privacy
  • The Java Cryptography Extensions
  • The Signature Class
  • SignedObjects
  • The Java Cryptography Extensions
  • SecretKeys & KeyGenerator
  • The Cipher Class
  • Dangerous Practices
  • HTTP and JSSE
JAAS
  • Pluggable Authentication Logic
  • JAAS
  • Packages & Interfaces
  • Subjects & Principals
  • ANDs & ORs
  • Impersonation Methods
  • Permissions for JAAS Use
  • LoginContext & LoginModule
  • Configuring JAAS
  • CallbackHandler & Callbacks
  • Implementing a JAAS Client
  • Implementing a LoginModule
Java EE Security
  • Java EE Servers as Code Hosts
  • Tomcat Security Configuration
  • Declaring Roles
  • Securing URLs
  • HTTP Authentication Schemes
  • Securing EJBs
  • Programmatic Security
  • JAAS in Java EE
  • Realms & LoginModules
  • JAAS in Tomcat
  • JACC
  • Certifying a Java EE Application
  • HTTPS Configuration
Secure Development Practices: Java EE
  • Presentation-Tier Vulnerabilities
  • User Accounts
  • MVC & Security
  • Validating User Input
  • SQL Injection
  • Cross-Site Scripting
  • Reflected XSS
  • Defeating XSS
  • OWASP
  • Penetration Testing
  • Error Handling & Information Leakage
  • Logging & Auditing
Conclusion