TI284
Information technology

Java Security

Master Java security: classloaders, permissions, authentication, encryption, and web security


The Java language inherently contains numerous mechanisms for developing secure programs. These mechanisms address various aspects of security, such as integrity, confidentiality, identification, and protection against malicious attacks.

Objectives

The objective of this training is to enable participants to gain a comprehensive understanding of Java application security: identifying vulnerabilities, using security APIs (JCE, JAAS), implementing secure coding practices and cryptography, authentication, and auditing mechanisms. It also incorporates best practices for secure development and incident and risk management.

Is it for you?

Developers, designers, project managers, technical architects

Prerequisite

Have programming experience in Java.

Your benefits

  • Master JVM security mechanisms including classloaders, bytecode verification, and memory management
  • Configure and enforce security policies using the Java Security Manager and permissions
  • Implement authentication and authorization solutions with JAAS and role management
  • Secure applications with digital signatures, keystores, and AES/RSA encryption
  • Identify web vulnerabilities (OWASP) and perform dynamic application security testing with specialized tools
Content

    Introduction and reminders

    Loading and verifying classes

    • Role of the Java compiler
    • Role of classloaders
    • The different memory areas of the JVM and their management by the garbage collector
    • Hierarchy of the different classloaders
    • Verifying bytecode
    • Dynamic class loading
    • Implementing a class loader
    • Practical work: Modifying a .class file and executing it with the -noverify option; implementing a class loader that loads encrypted classes

    Security manager and permissions

    • Controllable operations
    • Activating the security manager
    • Protection domain, code source, and permissions
    • API overview
    • Policy file
    • Permission classes
    • Implementing a Permission class
    • Practical work: Developing a policy file, implementing a Permission class

    JAAS, Authentication, and Authorizations

    • Introduction to JAAS
    • LoginContext and LoginModule
    • Configuration and stacking of login modules
    • Available LoginModules
    • Implementing a specific login module, CallbackHandlers
    • Packaging a login module
    • Authorizations, Subject Objects, and Principals
    • PrivilegedAction interface
    • Permission configuration
    • Practical work: Implementation of a LoginModule, configuration of authorizations based on user roles

    Digital signatures and encryption

    • Message digest: SHA1 and MD5
    • The keytool tool and keystores
    • The jarsigner tool
    • Certification authorities
    • Deployment of signed code on an intranet or the internet
    • Keystore-based permissions
    • Data encryption, AES and RSA algorithms
    • Practical work: Verifying a fingerprint; deploying an applet on an intranet; symmetric and asymmetric encryption

    Applying security in a web environment

    • Securing a Java application server
    • User authentication, web application deployment descriptor
    • Configuring login modules in the major application servers
    • Declarative security across the different Java EE tiers
    • SSL
    • Practical work: Securing a web application

    Web attacks

    • OWASP resources
    • The ten most critical web application security risks according to OWASP
    • Identifying the main risks in cybersecurity

    Dynamic application auditing with APPSCAN Standard

    • Configuring a scan
    • Launching the scan operation
    • Analyzing the results

    💡 Useful information

    Our training sessions are offered in Montreal or Quebec City, in person or in virtual format. Dates and locations are provided when you select your session below. If you have any questions regarding registration, schedules, the language of instruction, or cancellation policies, please consult our FAQ.

    Duration
    3 days
    Schedule
    See training dates for details
    Regular fee
    $1,485
    Preferential fee A preferential rate is offered to public institutions, to members of certain professional organizations as well as to companies that do a certain amount of business with Technologia. To know more, please read the "Registration and rates" section on our FAQ page. Please note that preferential rates are not available for online training courses. Discounts cannot be combined with other offers.
    $1,335
    Private or personalized training

    Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.
