

Develop in-depth protection against data validation attacks
Secure your application against the OWASP Top-10 security risks
Threat model applications

Software insecurity has become one of the biggest security concerns facing
organizations today. As attackers turn their attention to the software and applications that
make up an organization's IT infrastructure, people are realizing that the best way to
protect that infrastructure is to build secure software from the outset. During this course,
students will learn the key security features of the Java Platform, Enterprise Edition
(Java EE), identify and avoid common web security pitfalls, and learn how to build secure
and reliable web applications using Java. Students are then guided through hands-on
code examples that highlight security issues and demonstrate prescriptive solutions for
the prevention of application vulnerabilities.

What You Will Learn
The process and techniques of building secure
Secure user management systems
Data validation strategies
Error handling and exception management
Software Security review techniques

All topics are supported by hands-on exercises
specifically designed to increase knowledge
retention. Classroom exercises provide the
extensive hands-on experience needed to
effectively identify, contain and respond to
complicated and potentially damaging intrusions.

Who Should Take this Class
Software professionals who define, design, and
architect solutions; those who manage software
development projects and teams; and those who audit
the security of applications.

Duration
Four days

Student Takeaways
Courseware and workbook
Certificate of completion
McAfee Foundstone backpack
McAfee Foundstone notepad, pen, and highlighter

Course Outline

Module 1: Introduction
Overview of Course Content
Secure Design Principles
Introduction to Hacme Books

Module 2: Java Platform Security
Java Security Overview
Java Runtime & Compile Time Security
Java Security Manager
Java Authentication & Authorization Service
Servlet, JSP and EJB Security
McAfee Foundstone Practice

Writing Secure Code: Java

Course Sheet

Course Outline (continued)
Module 3: Cryptography
Overview
Common Mistakes
Random Numbers
Java Cryptography Extension
Key Storage and Generation
Java Secure Sockets Extension
XML Encryption & Digital Signatures

Module 4: Authentication
Authentication Protocols
Common Mistakes
Servlet Container Authentication
Single Sign-On
Code Signing

Module 5: Authorization
Access Control Models
Common Mistakes
Least Privilege
Discretionary Access Control
Role-Based Access Controls
Cross-Site Request Forgery
Servlet Container Authorization
Session Management
EJB Authorization Controls
Custom Authorization Implementations

Module 6: Error Handling & Exception Management
Java Exception Fundamentals
Exception Handling Patterns & Anti-Patterns
Best Practices for Handling User Errors
Servlet, JSP, EJB and Struts Exceptions

Module 7: Data Validation
Common Mistakes
Trust Boundaries
Data Validation Design
Validation Strategies & Tactics
Web Application Firewalls
Character Encoding & Security
Regular Expressions
Common Data Validation Attacks
Validating Non-Textual Data

Module 8: Client Side Security
Common Mistakes
Reverse Engineering
Code Obfuscation
Anti-Tampering Measures

Module 9: User Management
Common Mistakes
Secure Password Storage
Password Reset Schemes
Password Lockout Schemes
Password Length & Complexity

Module 10: Logging and Auditing
Common Mistakes
What to Log
What to do with Log Files
Logging Frameworks

Module 11: Secure Code Review
Secure Code Review Methodology
Threat Modeling
Automated Source Code Analysis
Identifying Common Mistakes

Module 12: Advanced Java Security
Access Protection
Thread Safety
Defensive Coding
Serialization
Java Native Interface

Suggested Next Course(s)
Writing Secure Code: .NET
Writing Secure Code: C++

Contact Information
To order, or for further information,
please contact McAfee Education at:

McAfee Education Services
McAfee Education Services provides training on
both our award-winning products and McAfee
Foundstone Ultimate Hacking skills courses. We
provide this training globally with both instructor-led
and e-learning courses for organizations and
We also provide product and assessment
certifications through the McAfee Security
Certification Program, validating your knowledge
and ability in a variety of security-related

For more information, please visit us at
www.mcafee.com/us/services.aspx, or click on the
following links:
North America and Latin America
training) https://mcafee.edu.netexam.com/catalog.a
Europe, Middle East, Africa, and Asia Pacific
(instructor-led training)
McAfee Certification Program
(McAfee product and McAfee Foundstone
certification) http://www.mcafee.com/us/services/se

2821 Mission College Boulevard
Santa Clara, CA 95054
888 847 8766
McAfee, the McAfee logo, McAfee VirusScan, McAfee ePolicy Orchestrator, McAfee ePO, and McAfee Foundstone are registered trademarks or
trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of
others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are
provided without warranty of any kind, express or implied. Copyright 2013 McAfee, Inc.