Advanced Java, JEE, and Web Application Security

n addition to the solid knowledge of the use of Java components, even for experienced Java programmers, it is necessary to have a deep knowledge of Web-related vulnerabilities on both the server and the client, various vulnerabilities related to Web applications written in Java, and the consequences of various risks.

Common web-based vulnerabilities are demonstrated by presenting the relevant attacks, while recommended coding techniques and mitigation methods are explained in the context of Java with the overriding goal of avoiding associated problems. In addition, special focus is placed on client-side security that addresses JavaScript, Ajax, and HTML5 security issues.

The course introduces the security components of the standard Java edition, which are preceded by the foundations of cryptography, and provide a common basis for understanding the purpose and operation of applicable components. Security issues for Java Enterprise Edition are introduced through various exercises that explain declarative and programmatic security techniques in JEE.

Finally, the course explains the most common and critical programming flaws in the Java language and platform. Besides the typical mistakes made by Java programmers, the vulnerabilities presented cover both language-specific issues and issues arising from the runtime environment. All relevant vulnerabilities and attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.