Secure Developer Java (Inc OWASP) Training Course

Implementing a secure networked application can be difficult, even for developers who may have used various cryptographic building blocks (such as encryption and digital signatures) beforehand. In order to make the participants understand the role and usage of these cryptographic primitives, first a solid foundation on the main requirements of secure communication – secure acknowledgement, integrity, confidentiality, remote identification and anonymity – is given, while also presenting the typical problems that may damage these requirements along with real-world solutions.

As a critical aspect of network security is cryptography, the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement are also discussed. Instead of presenting an in-depth mathematical background, these elements are discussed from a developer's perspective, showing typical use-case examples and practical considerations related to the use of crypto, such as public key infrastructures. Security protocols in many areas of secure communication are introduced, with an in-depth discussion on the most widely-used protocol families such as IPSEC and SSL/TLS.

Typical crypto vulnerabilities are discussed both related to certain crypto algorithms and cryptographic protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE and similar, as well as the RSA timing attack. In each case, the practical considerations and potential consequences are described for each problem, again, without going into deep mathematical details.

Finally, as XML technology is central for data exchange by networked applications, the security aspects of XML are described. This includes the usage of XML within web services and SOAP messages alongside protection measures such as XML signature and XML encryption – as well as weaknesses in those protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses at different OSI layers
• Have a practical understanding of cryptography
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Get information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

Writing secure C and C++ code requires rigorous defense against malicious exploitation, memory corruption, and input validation bypasses. This program examines vulnerability patterns including buffer overflows, use-after-free, integer overflows, and type confusion. Participants apply secure coding guidelines, static analysis tools, and defensive programming techniques to eliminate weaknesses, enforce input sanitization, and deliver hardened software resilient against cyberattacks.

Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java.

The course – besides introducing security components of Standard Java Edition – deals with security issues of Java Enterprise Edition (JEE) and web services. Discussion of specific services is preceded with the foundations of cryptography and secure communication. Various exercises deal with declarative and programmatic security techniques in JEE, while both transport-layer and end-to-end security of web services is discussed. The use of all components is presented through several practical exercises, where participants can try out the discussed APIs and tools for themselves.

The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform and web-related vulnerabilities. Besides the typical bugs committed by Java programmers, the introduced security vulnerabilities cover both language-specific issues and problems stemming from the runtime environment. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Understand security concepts of Web services
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Understand security solutions of Java EE
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get practical knowledge in using security testing tools
• Get sources and further readings on secure coding practices

Audience

Developers

Apache Groovy is a JVM (Java Virtual Machine) dynamic programming language. Some of its features include scripting capabilities, Domain-Specific Language authoring, runtime and compile-time meta-programming and functional programming. Groovy is often used as a compliment to Java.

In this instructor-led, live training, participants will learn how to program in Groovy as they step through the creation of a sample application.

Audience

• Developers

Format of the course

• Part lecture, part discussion, exercises and heavy hands-on practice

This instructor-led, live training in Canada (online or onsite) is aimed at beginner-level developers who wish to learn the basics of Groovy Programming.

By the end of this training, participants will be able to:

• Understand the basic programming concepts.
• Write simple Groovy scripts and utilize Groovy core features.
• Understand and apply basic principles of object-oriented programming using Groovy.
• Learn basic error-handling techniques to manage common programming errors and exceptions in Groovy.

This instructor-led, live training in Canada (online or onsite) is aimed at intermediate-level Java developers who wish to design, develop, deploy, and maintain microservices-based applications using Java frameworks like Spring Boot and Spring Cloud.

By the end of this training, participants will be able to:

• Understand the principles and benefits of microservices architecture.
• Build and deploy microservices using Java and Spring Boot.
• Implement service discovery, configuration management, and API gateways.
• Secure, monitor, and scale microservices effectively.
• Deploy microservices using Docker and Kubernetes.

This instructor-led, live training in Canada (available online or onsite) is tailored for intermediate to advanced developers seeking to master the development of microservices using Spring Boot, Docker, and Kubernetes.

By the end of this training, participants will be able to:

• Comprehend microservices architecture principles.
• Build production-ready microservices using Spring Boot.
• Understand the critical role of Docker in containerizing microservices.
• Configure Kubernetes clusters to deploy and orchestrate microservices.

This instructor-led, live training in Canada (online or onsite) is aimed at developers who wish to use Quarkus to build, test, and deploy applications, fully-powered with Java, but with less resource utilization.

By the end of this training, participants will be able to:

• Set up the necessary development environment to start developing applications with Quarkus.
• Build, compile, and run applications in native mode using GraalVM.
• Utilize Quarkus tooling and extensions for building native applications using Maven.
• Containerize, execute, and deploy applications with Docker.

This instructor-led, live training in Canada (online or onsite) is aimed at intermediate-level to advanced-level developers and architects who wish to develop Java native applications and microservices using Quarkus with optimized memory usage and startup time.

By the end of this training, participants will be able to:

• Develop high-performance, lightweight Java native applications using Quarkus.
• Build and deploy RESTful services and microservices architectures.
• Use GraalVM for native compilation and optimize startup and memory efficiency.
• Package and containerize applications for Kubernetes and OpenShift environments.

This instructor-led, live training in Canada (online or onsite) is aimed at software architects and web developers who wish to use RabbitMQ as a messaging middle-ware and program in Java using Spring to build applications.

By the end of this training, participants will be able to:

• Use Java and Spring with RabbitMQ to build applications.
• Design asynchronous message driven systems using RabbitMQ.
• Create and apply queues, topics, exchanges, and bindings in RabbitMQ

This instructor-led, live training in Canada (online or onsite) is aimed at web developers who wish to build functional front-end and back-end web applications with Spring Boot, React, and Redux.

By the end of this training, participants will be able to:

• Build a front-end application with React and Redux.
• Create RESTful APIs with Spring Boot.
• Secure web services with Spring security and JWT web tokens.

This instructor-led, live training in Canada (online or onsite) is aimed at Java developers who wish to use the Spring 5 framework to develop and deploy build enterprise web applications.

By the end of this training, participants will be able to:

• Install and configure Spring 5.
• Understand and implement Spring 5's latest features.
• Access databases with Spring Application.
• Use the new reactive web framework, WebFlow, to make an application reactive.
• Integrate a Spring application with legacy Java EE applications.
• Test and deploy an enteprise-grade Spring application.

Spring is a comprehensive Java framework that simplifies enterprise application development by providing powerful dependency injection, modular architecture, and streamlined configuration options.

This instructor-led, live training (online or onsite) is aimed at beginner-level Java developers who wish to build modern, production-ready web applications using the latest version of Spring Framework and Spring Boot 3.5.5 with Java 21.

By the end of this training, participants will be able to:

• Understand Spring’s core principles including IoC, DI, and AOP.
• Configure Spring applications using XML, annotations, and JavaConfig.
• Develop RESTful services using Spring Boot and JPA.
• Implement CRUD operations, handle transactions, and manage data persistence.
• Use advanced Spring features such as profiles, exception handling, and data serialization.

Format of the Course

• Brief theoretical introduction followed by extensive practical exercises.
• Hands-on implementation using real-world examples.
• Interactive discussion and guided troubleshooting.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Spring WebFlux is a reactive programming module within the Spring Framework designed for building non-blocking, event-driven web applications.

This instructor-led, live training (online or onsite) is aimed at beginner-level to intermediate-level Java developers who wish to build scalable and responsive applications using Spring WebFlux.

By the end of this training, participants will be able to:

• Understand the fundamentals of reactive programming with Project Reactor.
• Build and test non-blocking RESTful APIs using Spring WebFlux.
• Integrate WebFlux with databases and external services.
• Apply reactive patterns to real-world application scenarios.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

This instructor-led, live training in Canada (online or onsite) is aimed at developers who wish to use WebFlux to develop and deploy reactive applications.

By the end of this training, participants will be able to:

• Install and configure Spring 5 and the WebFlux framework.
• Develop reactive application and services.