Java Security Workshop
(JSECU, Live Instructor-Led Training, 4 days)


Description

This SETC certified course is essential for any developer who works on front-end web applications or on the security infrastructure of an Enterprise Java application. The course content aims to demystify Java SE and EE security at all levels. Starting with an overview of threats and risks, the student is guided in a hands-on exploration of JAAS (Java Authentication and Authorization Service), followed by creating custom security providers and best practices.

Dates and Pricing


Jan 23 to Jan 26, 2018: $2,500/person
Feb 20 to Feb 23, 2018: $2,500/person
Mar 20 to Mar 23, 2018: $2,500/person

Outline

The Java Security Framework
The Need for a Robust Security Framework
Protecting Enterprise Resources
Java SE Security Model
About the Security Model
Users, Groups and Roles
About Securing Resources
Authentication
Web Application Security
Implementing Security
BEA WebLogic Server Security
Security Framework Overview
JAAS
Subjects and Principals
Security Realms
About Roles
Security Providers
Web Application Security
Security Threats and Vulnerabilities
Types of Attacks
Digital Signatures
Certificates
Secure Sockets Layer (SSL)
Public Key Infrastructure (PKI)
Antivirus Products, Firewalls and Sniffers
Web Application Security Best Practices
The Security Policy
Security Updates
Keys and Certificates
Logging and Auditing
Securing WebLogic Server Applications
The Default Realm
Selecting a Realm
Creating Users and Groups
Global Roles
Scoped Roles
Security Policies
The Lightweight Directory Access Protocol (LDAP)
External LDAP Servers
JNDI Authentication
JMS Security
Overview of JMS Security
JMS Security Architecture
Authentication
Authorization
Roles
Using Encryption: Java Encryption Extensions
JAAS
Overview
JAAS Configuration
Callback Handlers
Using LoginContext
Writing the Code
Executing the Code
Creating a Custom Security Provider
The SecurityProvider Interface
The AuthenticationProvider Interface
The LoginModule Interface
WebLogic Definition Files
Building and Deploying Custom Security Providers
SSL
Digital Certificates
Server Authentication
Mutual Authentication
Establishing Domain Trusts
Best Practices
User Lockout
Connection Filtering
Advisories and Notifications
Machine Security
File System Security
Network Connections
DOS Attacks
Tuning and Auditing