JAVA-SC

New Secure Programming in Java

OWASP, Spring Security, Secure Coding Guidelines, SonarQube Vulnerability Rules
Length of training
  • 2 day (2×8 Lessons)
  • daily 9:00 - 17:00
Available languages
  • Hungarian

Description

This course covers the rules Java developers must follow to make their applications as secure as possible. Security is examined from three angles:

  • OWASP: common attack techniques and their defenses
  • Secure Coding Guidelines for Java SE: Oracle recommendations
  • SonarQube Vulnerability Rules

The course is unusual in that it focuses on defence rather than on attack methods. Participants will not become ethical hackers, but they will be able to write code that resists the most common attacks.

The practical exercises are built mainly on Spring Security, which provides many of these protective mechanisms out of the box, but the knowledge gained applies to any Java application.

The course transforms dry specifications into valuable, hands-on knowledge through practical exercises.

Outline

  • OWASP Top 10 (2025 edition)
    • A01 Broken Access Control
    • A02 Security Misconfiguration
    • A03 Software Supply Chain Failures
    • A04 Cryptographic Failures
    • A05 Injection
    • A06 Insecure Design
    • A07 Authentication Failures
    • A08 Software or Data Integrity Failures
    • A09 Security Logging and Alerting Failures
    • A10 Mishandling of Exceptional Conditions
  • Attack Methods and Defenses
    • Insecure Direct Object References (IDOR)
    • Missing Function Level Access Control
    • Access control models: ACL, RBAC, ABAC
    • Password hashing algorithms
    • HTTP Strict Transport Security (HSTS)
    • SQL injection, XSS, Path traversal
    • Content Security Policy (CSP) and other security response headers
    • CSRF
    • XXE
    • CORS
    • Software Bill of Materials (SBOM)
    • Session Fixation
    • Have I Been Pwned (HIBP) breached-password checks
  • Secure Coding Guidelines for Java SE
    • Java built-in security mechanisms
    • Principles
    • Denial of Service
    • Confidential information handling
    • Injection and inclusion
    • Accessibility and extensibility
    • Input validation
    • Mutability
    • Object creation
    • Serialization and Deserialization
    • Access control
    • JNI
  • SonarQube

Prerequisites

A solid knowledge of the Java programming language is required.

Because some of the course materials are in English, basic English reading skills (enough to read documentation) are necessary. The training itself is delivered in Hungarian, using Hungarian-language slides.