
For real-time information or assistance with classes,
call us toll-free at 877-800-5221 or email us at customerservice@aspetech.com




 

COURSE 5050 | 2-DAY SESSION
Hands-On Creating Secure Code in Java
From the Authors of How to Break Security Software and The Software Vulnerability Guide

In this two-day course, Software Engineers, Application Architects, Developers, Testers, Project Managers and Analysts will learn how to develop secure code.

Software can be correct without being secure.
A software system can meet every requirement and perform every specified action flawlessly, yet still be exploited by a malicious user. This is because security bugs are different from traditional bugs. To locate security bugs, developers, programmers, and testers have to think differently too.

Why you should be concerned:

  • Imagine a web server that is supposed to accept HTTP requests on port 80 but that sometimes overruns buffers because it does not check for maliciously crafted packets. Simply observing behavior will not detect the overrun, and the fact that the software appears to function correctly masks the buffer overrun from scrutiny.
  • Imagine a media player that flawlessly plays any form of digital audio or video but that does so by writing the files out to unencrypted temporary storage. This is a side effect that software pirates will be prepared to exploit.

Whether you are incorporating a software product from a vendor or building your own, you are exposed to similar security vulnerabilities arising from your software's unintended functionality, as depicted above. You must understand how to prevent unintended functionality in software, and you do that in programming and development.

This hands-on two-day course, developed & delivered by the industry's best Software Security experts, will give you the skills and tools you must have to write secure Java code.
The quickest and simplest way to protect your enterprise infrastructures is to build and write secure Java code. Secure coding is the task of reducing the susceptibility of code to attack from both unintentional and intentional vulnerabilities — and it falls on the shoulders of developers. Everyone, whether writing protocols or internal processes, is responsible for using secure Java coding techniques to minimize the adverse effect of attacks, be they malicious or accidental. As a result, developers must learn to:

  • Avoid introducing vulnerabilities as you develop new functionality
  • Implement security measures effectively into Java code
  • Classify items that are defensive in nature so you can ensure security flaws are prevented before they happen
  • Identify items that are normally associated with cryptographic procedures to prevent data from becoming compromised and to ensure new law compliance


In this class, you will receive the industry-defining text The Software Vulnerability Guide, to be used as a resource in class and a reference after.


In today's market, secure software is a must for consumers. Many developers, however, are not familiar with the techniques needed to produce secure code or detect existing vulnerabilities. The Software Vulnerability Guide focuses on the origin of most software vulnerabilities, including the bugs in the underlying software used to develop IT infrastructures and the Internet. Most of these security bugs (and the viruses, worms, and exploits that derive from them) started out as programmer mistakes. With this easy-to-use guide, professional programmers and testers will learn how to recognize and prevent these vulnerabilities before their software reaches the market.

Immediate Benefits of This Workshop

  1. Learn the skills to write secure Java applications
  2. Learn what security vulnerabilities are and why they are often overlooked
  3. Gain the skills to stop introducing vulnerabilities as you develop updates and patches to your software
  4. Learn about the trends of security vulnerabilities and what you must do to protect your Java applications
  5. See that secure Java coding is a process that must be followed to reduce susceptibility of code to vulnerabilities
  6. Get hands-on labs that allow you to test your new skills “in-the-classroom” before going live
  7. Understand the top programming flaws that get exploited and how to stop them from occurring
  8. Build secure Java coding techniques into your application development process
  9. Learn the dangers of default or weak passwords and permitting relative and default paths
  10. Understand the tradeoffs between functionality and security and how to find the right balance
  11. Learn workarounds to offering administrative, software, and service back doors
  12. Learn about the different types of software security attacks
  13. Prevent security vulnerabilities early when the cost is minimal
  14. Understand how hackers are able to find and exploit vulnerabilities
  15. View your Java application from the eyes of a hacker
  16. Improve your Java software development lifecycle by knowing how to integrate security at the development sta
  17. Gain techniques for dynamic linking and loading, shells, scripts and macros
  18. Learn from software security experts who wrote the book on finding and correcting unintended consequences and functionality in software
  19. Reduce the time testers have to spend on your Java application
  20. Learn about security-specific aspects of current technologies and how to leverage them
  21. Protect against the common need to create temporary files
  22. See how web applications are different from stand-alone applications and how that impacts your processes and techniques for preventing vulnerabilities
  23. Learn 18 defensive coding principles to live by when programming with Java
  24. Learn the difference between functional software testing and security software testing



