Secure Developer Java (Inc OWASP) Training Course
This course covers secure coding concepts and principles for Java through the Open Web Application Security Project (OWASP) testing methodology. OWASP is an online community that creates freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.
This course is available as onsite live training in Uzbekistan or online live training.
Course Outline
- understand the web Threats and Attack Vectors
- know the Secure Design Principles
- understand OWASP Top 10 attacks
- understand the Authentication and Authorization problems
- know how to prevent Cross-Site Scripting
- know how to prevent Cross-Site Request Forgery
- understand the secure Development Cycle
- know how to prevent Injection Attacks
- understand the protections in JDBC and JPA
- understand the Penetration Testing methodologies
- know how to secure Java Applications
Requirements
- Experience with Java.
- Experience of creating web applications.
Open Training Courses require 5+ participants.
Testimonials (3)
The topic is current and I needed to be updated
Damilano Marco - SIAP s.r.l.
Course - Secure Developer Java (Inc OWASP)
It was quite comprehensive, the information was clear and succinct.
Sebastian-Daniel - BRD
Course - Secure Developer Java (Inc OWASP)
Multiple examples for each module and great knowledge of the trainer.
Sebastian - BRD
Course - Secure Developer Java (Inc OWASP)
Related Courses
Network Security and Secure Communication
21 Hours
Developing a secure networked application is challenging, even for developers familiar with cryptographic building blocks like encryption and digital signatures. To help participants grasp the role and application of these cryptographic primitives, the course establishes a solid foundation on the core requirements of secure communication: secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also highlights common threats to these requirements and presents real-world solutions.
Given that cryptography is a critical component of network security, the course examines the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than focusing on complex mathematical theories, these topics are approached from a developer’s perspective, featuring typical use-case examples and practical considerations such as public key infrastructures. The course introduces security protocols used in various areas of secure communication, with an in-depth exploration of widely adopted protocol families like IPSEC and SSL/TLS.
Typical cryptographic vulnerabilities are discussed, both concerning specific algorithms and protocols. Examples include BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE, and RSA timing attacks. For each issue, practical implications and potential consequences are explained without delving into deep mathematical details.
Finally, as XML technology is central to data exchange in networked applications, the course covers XML security. This includes the use of XML in web services and SOAP messages, alongside protection mechanisms like XML signature and XML encryption. The course also addresses weaknesses in these protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.
Participants attending this course will
- Understand basic concepts of security, IT security, and secure coding
- Understand the requirements of secure communication
- Learn about network attacks and defenses at different OSI layers
- Gain a practical understanding of cryptography
- Understand essential security protocols
- Understand some recent attacks against cryptosystems
- Get information about some recent related vulnerabilities
- Understand security concepts of Web services
- Get sources and further readings on secure coding practices
Audience
Developers, Professionals
C/C++ Secure Coding
21 Hours
Developing secure C and C++ applications demands robust defenses against malicious exploitation, memory corruption, and input validation bypasses. This program explores common vulnerability patterns such as buffer overflows, use-after-free errors, integer overflows, and type confusion. Participants will implement secure coding standards, leverage static analysis tools, and apply defensive programming techniques to eliminate weaknesses, enforce input sanitization, and deliver hardened software that is resilient against cyber threats.
Advanced Java Security
21 Hours
Even seasoned Java developers often do not fully master the full range of security services provided by Java, nor are they always aware of the different vulnerabilities that apply to Java-based web applications.
This course introduces the security components of Java Standard Edition, while also addressing security issues in Java Enterprise Edition (JEE) and web services. The discussion of specific services begins with the fundamentals of cryptography and secure communication. Through various exercises, participants explore declarative and programmatic security techniques in JEE, as well as both transport-layer and end-to-end security for web services. Practical exercises allow participants to actively try out the discussed APIs and tools.
The course also covers and explains the most common and serious programming flaws in the Java language and platform, along with web-related vulnerabilities. In addition to typical bugs made by Java developers, the security vulnerabilities addressed include both language-specific issues and problems arising from the runtime environment. All vulnerabilities and associated attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and potential mitigation techniques.
Participants attending this course will
- Grasp the fundamental concepts of security, IT security, and secure coding
- Learn about web vulnerabilities beyond the OWASP Top Ten and understand how to prevent them
- Understand the security concepts of web services
- Learn how to utilize various security features of the Java development environment
- Gain a practical understanding of cryptography
- Understand the security solutions within Java EE
- Learn about typical coding mistakes and how to avoid them
- Receive information on recent vulnerabilities in the Java framework
- Gain practical experience using security testing tools
- Obtain resources and further reading materials on secure coding practices
Audience
Developers
Groovy Programming
21 Hours
Apache Groovy is a dynamic programming language designed for the JVM (Java Virtual Machine). It offers features such as scripting, Domain-Specific Language creation, runtime and compile-time meta-programming, and functional programming. Groovy is frequently used alongside Java to enhance its capabilities.
In this instructor-led, live training session, participants will gain hands-on experience in Groovy programming by building a sample application from scratch.
Audience
- Developers
Format of the course
- A mix of lectures, discussions, exercises, and extensive hands-on practice
Groovy Programming for Beginners
14 Hours
This instructor-led, live training in Uzbekistan (online or onsite) is designed for beginner-level developers aiming to learn the basics of Groovy Programming.
By the end of this training, participants will be able to:
- Understand fundamental programming concepts.
- Write simple Groovy scripts and utilize its core features.
- Understand and apply basic principles of object-oriented programming using Groovy.
- Learn essential error-handling techniques to manage common programming errors and exceptions in Groovy.
Java Microservices
21 Hours
This instructor-led, live training in Uzbekistan (online or onsite) is tailored for intermediate-level Java developers aiming to design, develop, deploy, and maintain microservices-based applications using Java frameworks like Spring Boot and Spring Cloud.
By the end of this training, participants will be able to:
- Understand the principles and benefits of microservices architecture.
- Build and deploy microservices using Java and Spring Boot.
- Implement service discovery, configuration management, and API gateways.
- Secure, monitor, and scale microservices effectively.
- Deploy microservices using Docker and Kubernetes.
Building Microservices with Spring Boot, Docker, and Kubernetes
21 Hours
This instructor-led, live training in Uzbekistan (available in online or onsite formats) is designed for intermediate to advanced developers aiming to master the development of microservices using Spring Boot, Docker, and Kubernetes.
Upon completing this training, participants will be capable of:
- Grasping the core principles of microservices architecture.
- Developing production-ready microservices using Spring Boot.
- Recognizing the essential role of Docker in containerizing microservices.
- Setting up Kubernetes clusters to deploy and manage microservices.
Quarkus for Developers
14 Hours
This instructor-led live training in Uzbekistan (online or onsite) is tailored for developers who wish to use Quarkus to build, test, and deploy applications, fully leveraging Java while minimizing resource utilization.
By the end of this training, participants will be able to:
- Set up the necessary development environment to start developing applications with Quarkus.
- Build, compile, and run applications in native mode using GraalVM.
- Utilize Quarkus tooling and extensions for building native applications using Maven.
- Containerize, execute, and deploy applications with Docker.
Quarkus for Java Native and Microservice Development
40 Hours
This instructor-led, live training in Uzbekistan (online or onsite) is aimed at intermediate-level to advanced-level developers and architects who wish to develop Java native applications and microservices using Quarkus with optimized memory usage and startup time.
By the end of this training, participants will be able to:
- Develop high-performance, lightweight Java native applications using Quarkus.
- Build and deploy RESTful services and microservices architectures.
- Use GraalVM for native compilation and optimize startup and memory efficiency.
- Package and containerize applications for Kubernetes and OpenShift environments.
RabbitMQ with Java and Spring
14 Hours
This instructor-led, live training in Uzbekistan (online or onsite) is aimed at software architects and web developers who wish to use RabbitMQ as messaging middleware and program in Java using Spring to build applications.
By the end of this training, participants will be able to:
- Use Java and Spring with RabbitMQ to build applications.
- Design asynchronous message-driven systems using RabbitMQ.
- Create and apply queues, topics, exchanges, and bindings in RabbitMQ.
Spring Boot, React, and Redux
14 Hours
This instructor-led, live training in Uzbekistan (online or onsite) is targeted at web developers who wish to build functional front-end and back-end web applications using Spring Boot, React, and Redux.
By the end of this training, participants will be able to:
- Build a front-end application with React and Redux.
- Create RESTful APIs with Spring Boot.
- Secure web services with Spring Security and JWT web tokens.
Spring 5
21 Hours
This instructor-led, live training in Uzbekistan (online or on-site) is designed for Java developers who want to leverage the Spring 5 framework to develop and deploy enterprise-grade web applications.
By the end of this training, participants will be able to:
- Install and configure Spring 5.
- Understand and implement the latest features of Spring 5.
- Access databases using Spring Applications.
- Utilise the new reactive web framework, WebFlux, to create reactive applications.
- Integrate a Spring application with legacy Java EE applications.
- Test and deploy an enterprise-grade Spring application.
Spring Basics with Spring Boot 3.5.5 and Java 21
14 Hours
Spring is a robust Java framework that streamlines enterprise application development by offering powerful dependency injection, a modular architecture, and simplified configuration options.
This instructor-led live training, available online or on-site, is designed for beginner-level Java developers who aim to create modern, production-ready web applications using the latest Spring Framework and Spring Boot 3.5.5 alongside Java 21.
Upon completion of this training, participants will be capable of:
- Grasping Spring’s core principles, including Inversion of Control (IoC), Dependency Injection (DI), and Aspect-Oriented Programming (AOP).
- Configuring Spring applications using XML, annotations, and JavaConfig.
- Developing RESTful services with Spring Boot and JPA.
- Implementing CRUD operations, managing transactions, and handling data persistence.
- Leveraging advanced Spring features such as profiles, exception handling, and data serialization.
Course Format
- A concise theoretical introduction followed by extensive practical exercises.
- Hands-on implementation using real-world examples.
- Interactive discussions and guided troubleshooting sessions.
Customization Options
- To arrange a customized training for this course, please contact us.
Spring WebFlux: Reactive Programming for Scalable Web Applications
35 Hours
Spring WebFlux is a reactive programming module within the Spring Framework designed for building non-blocking, event-driven web applications.
This instructor-led, live training (available online or on-site) is tailored for beginner to intermediate-level Java developers aiming to build scalable and responsive applications using Spring WebFlux.
Upon completing this training, participants will be able to:
- Grasp the fundamentals of reactive programming with Project Reactor.
- Develop and test non-blocking RESTful APIs using Spring WebFlux.
- Seamlessly integrate WebFlux with databases and external services.
- Apply reactive design patterns to real-world application scenarios.
Course Format
- Interactive lectures and group discussions.
- Abundant hands-on exercises and practical sessions.
- Live-lab implementation for real-time experience.
Customization Options
- To request a customized version of this course, please contact us to arrange.
Spring Webflux
14 Hours
This instructor-led, live training in Uzbekistan (online or on-site) is designed for developers who wish to use WebFlux to develop and deploy reactive applications.
By the end of this training, participants will be able to:
- Install and configure Spring 5 and the WebFlux framework.
- Develop reactive applications and services.