Programming Secure Systems in Java
It doesn't matter how good your "perimeter defenses" (firewalls, etc.) are—hackers break into your system by exploiting bugs in your program's code or architecture. The world's best firewall does nothing to make your system more secure if the programs that can be accessed through the firewall are not structured correctly.
Web applications, in both the servlet/CGI and the XML/SOAP sense, are nothing but functions on your side of the firewall that are invoked by an external user. As such, they are a particularly worrisome source of vulnerability.
Fortunately, the most common ways that hackers break into your system are well understood, easy to avoid, and easy to fix, provided that you know what to do. This one-day class introduces you to the security concepts that you need to make your code less prone to attack. We will discuss:
- Security concepts and architecture.
- Encryption-based technology, how it works and what it does (and doesn't do) for you.
- Common hacker exploits and how to protect yourself from them.
- The Java security APIs.
On completion of this class, you will:
- Understand key security concepts.
- Understand how to build a secure system in Java.
- Be desperate to get back to work to plug the vulnerabilities that we've identified in class.
Who Should Attend?
This course is fast-paced and technically rigorous. It is intended for professional Java programmers and technical managers who know the language well.
