Course Duration : 3 Days

 

EC-Council Certified Secure Programming (ECSP Java)

Today, Java is embedded in more than 3 billion devices such as laptops, data centers, game consoles, super computers, mobile phones, smart cards, and many more. Java is widely adopted because of its platform and architecture independent characteristics that encourages developers and industry alike.

ECSP-Java is comprehensive course that provides hands-on training covering Java security features, policies, strengths, and weaknesses. It helps developers understand how to write secure and robust Java applications and provides advanced knowledge in various aspects of secure Java development that can effectively prevent hostile and buggy code. The end result of security Java coding practices include saving valuable effort, money, time, and possibly the reputation of organizations using Javacoded applications.

Students in this course will acquire knowledge in the following areas:

  • Java security principles and secure coding practices
  • Java Security Platform, Sandbox, JVM, Class loading, Bytecode verifier, Security Manager, security policies, and Java Security Framework
  • Secure Software Development Lifecycle, threat modelling, software security frameworks, and secure software architectures
  • Best practices and standards and guidelines for secure file input/output and serialization
  • Java input validation techniques, validation errors, and best practices
  • Java exceptions, erroneous behaviors, and the best practices to handle or avoid them
  • Secure authentication and authorization processes
  • Java Authentication and Authorization Service (JAAS), its architecture, Pluggable Authentication Module (PAM) Framework, and access permissions through Java Security Model
  • Secure Java concurrency and session management that includes Java Memory Model, Java Thread Implementation methods, secure coding practices, and guidelines for handling threads, race conditions, and deadlocks
  • Core security coding practices of Java Cryptography that includes Encryption, KeyGenerator, implementation of Cipher Class, Digital Signatures, Secret Keys, and key management
  • Various Java application vulnerabilities such as Cross-Site Scripting (XSS), Cross Site Request Forgery (CSRF), Directory Traversal vulnerability, HTTP Response Splitting attack, Parameter Manipulation, Injection Attacks and their countermeasures
  • Coding testing and review techniques and practices

The ECSP certication is intended for programmers who are responsible for designing and building secure Windows/Web based applications with Java. It is designed for developers who have Java development skills

  1. Module 1 : Introduction to Java Security
  2. Module 2 : Secure Software Development
  3. Module 3 : File Input and Output and Serialization
  4. Module 4 : Input Validation
  5. Module 5 : Error Handling and Logging
  6. Module 6 : Authentication and Authorisation
  7. Module 7 : Java Authentication and Authorisation Services (JAAS)
  8. Module 8 : Java Concurrency and Session Management
  9. Module 9 : Java Cryptography
  10. Module 10 : Java Application Vulnerabilities