JSP - How to Write a Secured JAVA Code (J2EE)

Course Introduction
Today's Internet Enabled Application developer must be able to efficiently understand the concept of secure coding technics to develop a secure application. In order to provide a total secure solutions from operating system level to application level. This course provides all those necessary skills for programming developer to understand how to apply knowledge, techniques and tools in develop much more secure JAVA (J2EE) Application in Real world.

Course Objectives
Graduates of this program will have the knowledge and skills needed to meet the real-world challenges faced by Application Software developer. They can prevent suspicious activities that might compromise the system and application. A secure coding can provide an advance security on systems.

Learning Level
Advance

Course Duration
5 Days (30 Hours)

Prerequisites
JAVA (J2EE) framework knowledge.

Target Group
Web application developer Software Quality Assuror IT Manager

Course Outline
Day 1 Web Application Security Terminology o o o o Vulnerabilities Exploit Attack Countermeasure

P R OG R A M O R G A NI Z E D B Y :

More information & Registration Please Contact

Mr.TanapatChaipimol Tel:(66) 2-650-5771 ext. 105 Fax: (66) 2-650 5597 E-mail: tanapat.ch@acisonline.net acis-training@acisonline.net

Ms.Athitiya Weerayasobprasong Tel:(66) 2-650-5771 ext. 104 Fax: (66) 2-650 5596 E-mail: athitiya.w@acisonline.net www.acisonline.net

Web Application Technology o o HTTP Protocols Web Functionalities

Hacking Mentality o o o Goals Methodology Techniques and Tools

Introduction to Open Web Application Security Project (OWASP) o Informative Resources Top Vulnerability list Security Knowledge Base o Security Learning & Assessment Tools

Day 2 Workshop - How to apply OWASP's techniques and tools with J2EE Web Application o o o o o Day 3 Workshop - How to apply OWASP's techniques and tools with J2EE Web Application o o o o Day 4 Workshop - How to apply OWASP's techniques and tools with J2EE Web Application o o o Preventing Cross-Site Request Forgery Preventing Persistent (Stored) Cross-Site Scripting Preventing Reflected Cross-Site Scripting Preventing Command Injection Preventing SQL Injection Preventing Numeric Injection Preventing Path Injection Serious Attacks Introduction to Webgoat and Hacking Tools Introduction to Apaches Element Construction Set (ECS) Java API Proper Exception Handling Preventing Client-state Manipulation

o Hardening multi-tier Access Control

P R OG R A M O R G A NI Z E D B Y :

More information & Registration Please Contact

Mr.TanapatChaipimol Tel:(66) 2-650-5771 ext. 105 Fax: (66) 2-650 5597 E-mail: tanapat.ch@acisonline.net acis-training@acisonline.net

Ms.Athitiya Weerayasobprasong Tel:(66) 2-650-5771 ext. 104 Fax: (66) 2-650 5596 E-mail: athitiya.w@acisonline.net www.acisonline.net