JAVA SECURITY

admin
Last Update April 17, 2022

About This Course

Course Overview:

Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control. Java security technology provides the developer with a comprehensive security framework for writing applications, and also provides the user or administrator with a set of tools to securely manage applications.

Prerequisites
  • Java programming experience is assumed – both structured and object-oriented techniques.
  • Knowledge of Java EE architecture and development is also required, though extensive practical experience with Java EE development is not strictly necessary.

Course Content

  • Java SE Security
    • Holistic Security Practices
    • Threats to the User
    • The Class Loader and Bytecode Verifier
    • System Classes and the Core API
    • SecurityManager and AccessController
    • Permissions
    • Implication
    • CodeSources
    • Policies
    • Configuring Java SE Security
    • Dynamic Policies
    • Privileged Actions
  • Code Signature and Key Management
    • Encryption and Digital Signature
    • Keystores
    • Keys and Certificates
    • Certificate Authorities
    • The KeyStore API
    • Signing JARs
    • Signed CodeSources
    • Additional Policy Semantics
  • Secure Development Practices: Java SE
    • Code Injection
    • Final Classes and Methods
    • Singletons, Factories, and Flyweights
    • Methods, Collections, and Data Hiding
    • Sealing JARs
    • Code Obfuscation
    • Object Serialization
  • Cryptography
    • Threats to Identity and Privacy
    • The Java Cryptography Extensions
    • The Signature Class
    • SignedObjects
    • The Java Cryptography Extensions
    • SecretKeys and KeyGenerator
    • The Cipher Class
    • Dangerous Practices
    • HTTP and JSSE
  • JAAS
    • Pluggable Authentication Logic
    • JAAS
    • Packages and Interfaces
    • Subjects and Principals
    • ANDs and ORs
    • Impersonation Methods
    • Permissions for JAAS Use
    • LoginContext and LoginModule
    • Configuring JAAS
    • CallbackHandler and Callbacks
    • Implementing a JAAS Client
    • Implementing a LoginModule
  • Java EE Security
    • Java EE Servers as Code Hosts
    • Tomcat Security Configuration
    • Declaring Roles
    • Securing URLs
    • HTTP Authentication Schemes
    • Securing EJBs
    • Programmatic Security
    • JAAS in Java EE
    • Realms and LoginModules
    • JAAS in Tomcat
    • JACC
    • Certifying a Java EE Application
    • HTTPS Configuration
  • Secure Development Practices: Java EE
    • Presentation-Tier Vulnerabilities
    • User Accounts
    • MVC and Security
    • Validating User Input
    • SQL Injection
    • Cross-Site Scripting
    • Reflected XSS
    • Defeating XSS
    • OWASP
    • Penetration Testing
    • Error Handling and Information Leakage
    • Logging and Auditing
  • Conclusion

Your Instructors

admin
