Java is used to develop full featured and very powerful corporate applications. To minimise the likelihood of security vulnerabilities caused by programmer error, Java developers must understand and adhere to best practices.
This course aims to provide the knowledge and resources required to evaluate the security of Java applications. The participants, through the understanding of theory and practical exercises carried out by them, will be able to identify critical vulnerabilities in web applications and implement the necessary corrective measures.
It is recommended that participants on the Web Application Secure Coding in Java have completed the Web Application Security Training course. Please see Related Training at the end of this page.
The course is aligned with the OWASP Top 10, a world-renowned reference document which describes the most critical web application security flaws.
The topics covered include:
• General Web Application Security Concepts
• Java Security Features
• Identify security vulnerabilities in code (OWASP Top 10, SANS 25)
• Implement Security Controls
• Authentication
• Session Management
• Access control
• Input validation
• Output encoding/escaping
• Cryptography
• Error handling and logging
• Data Protection
• HTTP security
• Incorporate security into the development process
Format: The course combines theory and hands-on practical exercises. The participants learn to identify vulnerabilities in a dummy Java web application purpose-built and containing the bugs and coding errors they have learned about. This provides an ideal ‘real-life’ opportunity to exploit these vulnerabilities using different open source tools and techniques in a safe environment.
Duration: 1 day (8 hours)
The course is designed for:
• Software Developers
• Quality Assurance professionals
• System Architects
• Information Security Professionals
As an ISC2 Official Training Partner, we provide access to world-class certifications such as CISSP®, CCSP®, and SSCP®, delivering training that aligns with the latest industry standards.
By partnering with ISC2, we ensure our clients stay ahead in the ever-evolving cybersecurity landscape, confidently equipped to protect critical data and infrastructure.
Senior Official ISC2 Authorised Instructor for CISSP, CCSP, CSSLP and SSCP
Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.
Fabio Cerullo is a Senior Authorised Instructor for ISC2,the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals world wide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.
Fabio is a regular speaker and delivers training at events organised by leading Cybersecurity associations including OWASP and ISC2. He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.
Fabio Cerullo is the Managing Director of Cycubix. He has extensive experience in understanding and addressing the challenges of cybersecurity from over two decades working in and with organisations across a diverse range of industries – from financial services to government departments, technology and manufacturing.
Fabio Cerullo is a Senior Authorised Instructor for ISC2,the global leader in information security education and certification. Fabio has delivered training to thousands of IT and security professionals world wide in cyber, cloud, and application security. As a member of ISC2 and OWASP organisations, Fabio helps individuals and organisations strengthen their application security posture and build fruitful relationships with governments, industry and educational institutions.
Fabio is a regular speaker and delivers training at events organised by leading Cybersecurity associations including OWASP and ISC2. He holds a Msc in Computer Engineering from UCA and the SSCP, CISSP, CSSLP & CCSP certifications from ISC2.
.NET provides unprecedented flexibility and productivity to web application developers. Application developers are responsible for understanding the limitations of .NET and adopting best practices to ensure that their code is secure.
The Certified Secure Software Lifecycle Professional (CSSLP) is the industry’s premier secure software development certification
Web applications play a key role in the success of an organisation – from streamlining business processes to creating online interactions that ensure a positive customer experience. However, web applications do allow access to critical and confidential resources. But without understanding web application vulnerabilities and addressing them, organisations risk their data, their operations and their reputation.
Security must be an integral part of the development process and consider risks in a focused and efficient way. Including threat modeling in the application life cycle ensures that applications are developed with security built-in from inception.
The Payment Card Industry Data Security Standard (PCI DSS) enhances cardholder data security. Applications that process card data must be secure. Specific knowledge and skills helps developers to code defensively and meet the secure coding and application security standards required by PCI DSS.
