Secure Developer Java (Inc OWASP) Training Course

Developing a secure networked application can be challenging, even for developers who are already familiar with various cryptographic building blocks such as encryption and digital signatures. To help participants grasp the role and application of these cryptographic primitives, the course first establishes a solid foundation regarding the main requirements of secure communication—namely, secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also addresses the typical problems that can compromise these requirements, alongside real-world solutions.

Since cryptography is a critical aspect of network security, the course discusses the most important cryptographic algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than focusing on an in-depth mathematical background, these topics are explored from a developer's perspective, illustrating typical use-case examples and practical considerations related to crypto usage, such as public key infrastructures. The course also introduces security protocols used in various areas of secure communication, with an in-depth discussion on widely-used protocol families such as IPSEC and SSL/TLS.

Typical cryptographic vulnerabilities are discussed, both in relation to specific crypto algorithms and cryptographic protocols. Examples include BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE, and similar issues, as well as the RSA timing attack. For each problem, the practical considerations and potential consequences are described, without delving into deep mathematical details.

Finally, since XML technology is central to data exchange for networked applications, the course covers the security aspects of XML. This includes the usage of XML within web services and SOAP messages, alongside protection measures such as XML signature and XML encryption. The course also addresses weaknesses in these protection measures and XML-specific security issues, such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses at different OSI layers
• Gain a practical understanding of cryptography
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Get information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

Developing secure C and C++ applications demands robust defenses against malicious exploitation, memory corruption, and input validation bypasses. This course explores common vulnerability patterns such as buffer overflows, use-after-free errors, integer overflows, and type confusion. Participants will implement secure coding standards, leverage static analysis tools, and adopt defensive programming practices to mitigate weaknesses, ensure proper input sanitization, and build software that is resilient against cyber threats.

Even seasoned Java developers do not always fully grasp the full spectrum of security services provided by Java, nor are they always cognizant of the diverse vulnerabilities pertinent to web applications built with Java.

Beyond introducing the security components of Standard Java Edition, this course addresses security concerns within Java Enterprise Edition (JEE) and web services. The discussion of specific services begins with the fundamental principles of cryptography and secure communication. Through a series of exercises, participants explore declarative and programmatic security techniques in JEE, while also examining both transport-layer and end-to-end security for web services. The practical application of all discussed components is demonstrated through hands-on exercises, allowing participants to experiment with the relevant APIs and tools firsthand.

The course also examines and explains the most common and critical programming flaws associated with the Java language, platform, and web technologies. In addition to typical errors made by Java programmers, the identified security vulnerabilities encompass both language-specific issues and problems arising from the runtime environment. All vulnerabilities and their corresponding attack vectors are illustrated through accessible exercises, followed by recommended coding guidelines and potential mitigation strategies.

Participants attending this course will

• Grasp the fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and understand how to prevent them
• Comprehend the security concepts underlying web services
• Gain proficiency in utilizing various security features of the Java development environment
• Develop a practical understanding of cryptography
• Understand the security solutions available in Java EE
• Learn to identify typical coding mistakes and how to avoid them
• Receive information regarding recent vulnerabilities within the Java framework
• Acquire practical knowledge in using security testing tools
• Access resources and further readings on secure coding practices

Audience

Developers

Apache Groovy is a dynamic programming language designed for the JVM (Java Virtual Machine). Its key features include scripting capabilities, Domain-Specific Language creation, both runtime and compile-time meta-programming, and support for functional programming. Groovy is frequently used to complement Java development.

In this instructor-led live training, participants will learn how to program in Groovy by guiding them through the creation of a sample application.

Audience

• Developers

Format of the course

• A mix of lectures, discussions, exercises, and extensive hands-on practice

This instructor-led, live training in Italy (online or onsite) is designed for novice developers seeking to learn the basics of Groovy Programming.

By the end of this training, participants will be able to:

• Understand the basic programming concepts.
• Write simple Groovy scripts and utilize Groovy core features.
• Understand and apply basic principles of object-oriented programming using Groovy.
• Learn basic error-handling techniques to manage common programming errors and exceptions in Groovy.

This instructor-led, live training in Italy (online or onsite) is designed for intermediate-level Java developers seeking to design, develop, deploy, and maintain microservices-based applications using Java frameworks like Spring Boot and Spring Cloud.

By the conclusion of this training, participants will be able to:

• Comprehend the principles and benefits of microservices architecture.
• Build and deploy microservices using Java and Spring Boot.
• Implement service discovery, configuration management, and API gateways.
• Secure, monitor, and scale microservices effectively.
• Deploy microservices using Docker and Kubernetes.

This instructor-led, live training in Italy (available online or onsite) is tailored for intermediate to advanced developers seeking to master the development of microservices using Spring Boot, Docker, and Kubernetes.

By the end of this training, participants will be able to:

• Comprehend microservices architecture principles.
• Build production-ready microservices using Spring Boot.
• Understand the critical role of Docker in containerizing microservices.
• Configure Kubernetes clusters to deploy and orchestrate microservices.

This instructor-led, live training in Italy (online or onsite) is aimed at developers who wish to use Quarkus to build, test, and deploy applications, fully-powered with Java, but with less resource utilization.

By the end of this training, participants will be able to:

• Set up the necessary development environment to start developing applications with Quarkus.
• Build, compile, and run applications in native mode using GraalVM.
• Utilize Quarkus tooling and extensions for building native applications using Maven.
• Containerize, execute, and deploy applications with Docker.

This instructor-led, live training in Italy (online or onsite) is aimed at intermediate-level to advanced-level developers and architects who wish to develop Java native applications and microservices using Quarkus with optimized memory usage and startup time.

By the end of this training, participants will be able to:

• Develop high-performance, lightweight Java native applications using Quarkus.
• Build and deploy RESTful services and microservices architectures.
• Use GraalVM for native compilation and optimize startup and memory efficiency.
• Package and containerize applications for Kubernetes and OpenShift environments.

This instructor-led, live training in Italy (online or onsite) is designed for software architects and web developers who want to use RabbitMQ as middleware and program in Java using Spring to build applications.

By the end of this training, participants will be able to:

• Build applications using Java, Spring, and RabbitMQ.
• Design asynchronous, message-driven systems using RabbitMQ.
• Create and implement queues, topics, exchanges, and bindings in RabbitMQ.

This instructor-led live training in Italy (online or onsite) is designed for web developers who wish to build functional front-end and back-end web applications using Spring Boot, React, and Redux.

By the end of this training, participants will be able to:

• Build a front-end application with React and Redux.
• Create RESTful APIs with Spring Boot.
• Secure web services with Spring Security and JWT web tokens.

This instructor-led live training in Italy (available online or on-site) is tailored for Java developers who wish to use the Spring 5 framework to develop and deploy enterprise web applications.

By the end of this training, participants will be able to:

• Install and configure Spring 5.
• Understand and implement the latest features of Spring 5.
• Access databases with the Spring Application.
• Use the new reactive web framework, WebFlow, to make an application reactive.
• Integrate a Spring application with legacy Java EE applications.
• Test and deploy an enterprise-grade Spring application.

Spring stands as a robust Java framework designed to streamline enterprise application development through its powerful dependency injection capabilities, modular architecture, and simplified configuration options.

This instructor-led live training session, available either online or onsite, targets beginner-level Java developers eager to construct modern, production-ready web applications leveraging the latest Spring Framework and Spring Boot 3.5.5 alongside Java 21.

Upon completing this training, participants will be equipped to:

• Grasp Spring’s core principles, such as IoC, DI, and AOP.
• Set up Spring applications via XML, annotations, and JavaConfig.
• Create RESTful services using Spring Boot and JPA.
• Execute CRUD operations, manage transactions, and oversee data persistence.
• Utilize advanced Spring features like profiles, exception handling, and data serialization.

Training Format

• A concise theoretical introduction followed by extensive practical exercises.
• Practical implementation utilizing real-world scenarios.
• Interactive discussions and guided troubleshooting.

Customization Options

• For tailored training requests, please reach out to us for arrangements.

Spring WebFlux is a reactive programming module within the Spring Framework designed for building non-blocking, event-driven web applications.

This instructor-led, live training (online or onsite) is aimed at beginner-level to intermediate-level Java developers who wish to build scalable and responsive applications using Spring WebFlux.

By the end of this training, participants will be able to:

• Understand the fundamentals of reactive programming with Project Reactor.
• Build and test non-blocking RESTful APIs using Spring WebFlux.
• Integrate WebFlux with databases and external services.
• Apply reactive patterns to real-world application scenarios.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

This instructor-led, live training in Italy (online or onsite) is aimed at developers who wish to use WebFlux to develop and deploy reactive applications.

By the end of this training, participants will be able to:

• Install and configure Spring 5 and the WebFlux framework.
• Develop reactive applications and services.