Type of Course: Classroom
Insecure software is one of the biggest threats organizations face today. As hackers turn their attention to the software and applications that make up an organization’s IT infrastructure, the best protection is building secure software and writing secure code.
Understand the key security features of the J2EE platform, the common web security mistakes developers make, and how to build secure and reliable web applications using Java. Students are led through hands-on code examples that highlight issues and prescribe solutions.
All students are challenged with real-world examples that are reinforced by practical and realistic code-level lab exercises. This course uses Hacme Bookstore, a web security training application written by Foundstone and the sister application to Hacme Bank. Students are required to fix known issues in labs during the first three days and then renovate the entire bookstore’s code during the final workshop day.
All instruction is taught around JDK 1.4+. Where appropriate, features of older versions are described for completeness.
Implementing traditional security countermeasures is becoming less effective at protecting organizations’ critical assets. Flaws in poorly developed software are open invitations to malicious intruders who are adept at identifying programming flaws. Developers must learn how to avoid introducing vulnerabilities and implement security measures effectively into their code.
Foundstone instructors are software developers who have performed hundreds of software audits and code reviews, and have run software security programs at major financial services companies. They have managed security programs at the Big Four accounting firms, the United States Air Force, and on Wall Street, and are frequent authors and public speakers. Most importantly, they are professional software developers.
This course is for professional software developers or software security auditors who have been working with the J2EE framework for at least one year. A comprehensive knowledge of the J2EE framework, the Java language, and web technology is required.
This course qualifies for up to 32 hours of continuing professional education (CPE) credits for Certified Information Systems Security Professional (CISSP)/Systems Security Certified Practitioner (SSCP).