TI284
Information technology

Java Security

Master Java security: classloaders, permissions, authentication, encryption, and web security

The Java language inherently contains numerous mechanisms for developing secure programs. These mechanisms address various aspects of security, such as integrity, confidentiality, identification, and protection against malicious attacks.

Is it for you ?

Developers, designers, project managers, technical architects

Prerequisites

Have programming experience in JAVA.

What You'll Walk Away With

  • Master JVM security mechanisms including classloaders, bytecode verification, and memory management
  • Configure and enforce security policies using the Java Security Manager and permissions
  • Implement authentication and authorization solutions with JAAS and role management
  • Secure applications with digital signatures, keystores, and AES/RSA encryption
  • Identify web vulnerabilities (OWASP) and perform dynamic application security testing with specialized tools

Training content

1 Introduction and reminders

2 Loading and verifying classes

  • Role of the Java compiler
  • Role of classloaders
  • The different memory areas of the JVM and their management by the garbage collector
  • Hierarchy of the different classloaders
  • Verifying bytecode
  • Dynamic class loading
  • Implementing a class loader
  • Practical work: Modifying a .class file and executing it with the -noverify option, Implementing a class loader that loads encrypted classes

3 Security manager and permissions

  • Controllable operations
  • Activating the security manager
  • Protection domain, code source, and permissions
  • API overview
  • Policy file
  • Permission classes
  • Implementing a Permission class
  • Practical work: Developing a policy file, implementing a Permission class

4 JAAS, Authentication, and Authorizations

  • Introduction to JAAS
  • LoginContext and LoginModule
  • Configuration and stacking of login modules
  • Available LoginModules
  • Implementing a specific login module, CallbackHandlers
  • Packaging a login module
  • Authorizations, Subject Objects, and Principals
  • PrivilegedAction interface
  • Permission configuration
  • Practical work: Implementation of a LoginModule, configuration of authorizations based on user roles

5 Digital signatures and encryption

  • Message digest: SHA1 and MD5
  • The keytool tool and keystores
  • The jarsigner tool
  • Certification authorities
  • Deployment of signed code on an intranet or the internet
  • Keystore-based permissions
  • Data encryption, AES and RSA algorithms
  • Practical work: Verifying a fingerprint, Deploying an applet on an intranet, Symmetric and asymmetric encryption

6 Applying security in a web environment

  • Securing a Java application server
  • Securing a Java application server
  • User authentication, web application deployment descriptor
  • Configuring module logins in major application servers
  • Declarative security for various Java EE third parties
  • SSL
  • Practical work: Securing a web application

7 Web attacks

  • OWASP resources
  • The ten most critical web application security risks according to OWASP
  • Identifying the main risks in cybersecurity

8 Dynamic application auditing with APPSCAN Standard

  • Configuring a scan
  • Launching the scan operation
  • Analyzing the results
See more

📌 Practical information

Our training sessions are offered in Montreal or Quebec City, in person or in a virtual classroom. Dates and locations are specified when you select your session below. If you have any questions, check out our FAQ.

Duration
3 days
Schedule
See training dates for details
Regular fee
$1,485
Preferential fee A preferential rate is offered to public institutions, to members of certain professional organizations as well as to companies that do a certain amount of business with Technologia. To know more, please read the "Registration and rates" section on our FAQ page. Please note that preferential rates are not available for online training courses. Discounts cannot be combined with other offers.
$1,335
Private or personalized training

Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.

Request a quote

Request in-company training

Do you have several employees interested in the same training course? Whether in person at your offices or remotely in virtual mode, we offer private training courses tailored to your team's needs. Group rates are available. Contact us for more details or request a quote online.

Tell us more
Added to cart View my cart