Training: Secure Programming in Java
Booking
Duration: 3 Days
Contact: Siddhesh Nikude
Phone: +91-95-52572354
Available Languages
- English
- German
Audience
Software engineers and people in related roles (developers, architects, security professionals, quality assurance engineers) who create software in Java for sensitive environments.
Precondition
Good knowledge of the Java Programming Language and basic software development concepts.
Goals
Learn how to write secure code in Java.
Contents
- Generic Secure Programming Knowledge
  - CVE - Common Vulnerabilities and Exposures
  - CWE - Common Weakness Enumeration
  - Impact of insecure programming on security and functional safety
  - Principle of Least Privilege
- Attack Vectors to protect against
  - Compromised Credentials
  - Weak Credentials
  - Insider Threats
  - Missing or Poor Encryption
  - Misconfiguration
  - Buffer overflows/overruns/underflows/underruns
  - Padding
  - Junk data and Junk code
  - Path Traversal
- Secure Programming and the SDLC
  - Requirements Engineering
  - Security Target of Evaluation
  - Testing and Test-Driven Development
  - Continuous Integration
  - Continuous Design Improvement
  - Git Flow vs Trunk-Based Development
  - Pair and Ensemble Programming
  - Code Reviews and Code Walkthroughs
- Rules and Recommendations
  - Input Validation and Data Sanitation
  - Declarations and Initialization
  - Expressions
  - Numeric Types and Operations
  - Characters and Strings
  - Object Orientation
  - Methods
  - Exceptional Behavior
  - Visibility and Atomicity
  - Locking
  - Thread APIs
  - Thread Pools
  - Thread-Safety Miscellaneous
  - Input Output
  - Serialization
  - Platform Security
  - Runtime Environment
  - Java Native Interface
  - Concurrency
  - Miscellaneous
- Side-Channel Attacks and Software Defenses
  - Flow Control
  - Redundant Masked Parameters
  - Time-invariant algorithms
  - Memory Checksums
  - Watermarks
  - Noise Injection
- Using Static Code Analysis to find Security Issues
  - Checkstyle
  - PMD
  - SonarLint
The course is largely, but not exclusively, based on the SEI CERT Java Coding Standard. The course uses Java 21 with the Azul Zulu JDK (FX), and JUnit. Java EA 22/23 features will be covered if relevant for security.
The course language is Java. Nelkinda also offers this course in other languages, for example, C, C++, and Kotlin.
Event Type
This is a full-day, instructor-led classroom training about Secure Programming in Java, offered either as open training (anyone can register) or in-house. The course comprises live lecture/presentation, interactive instructor-led live coding, and instructor-guided hands-on pair/ensemble labs and exercises. The number of seats is limited to ensure the best quality training for the participants. For open training, the course fee includes snacks and lunch.
Trainer
Your trainer for this event is Christian Hujer.
Christian Hujer has experience with embedded CPUs and microcontrollers since 1984, for example, Zilog Z80A, MOS 6502, Motorola 68000, Samsung CalmRISC/SecuCalm, ARM, Infineon TriCore, Atmel AVR, Hitachi H8, and Intel 80x51. He has 20 years of experience in secure programming. He has been training developers and teams for organizations like BNP Paribas, Elsevier, Giesecke & Devrient, Nokia, SUN Microsystems, Volkswagen, and many others.