Developing Secure Web-Tier Applications (D61996GC10)

Objective

Upon completion of this course, students should be able to:

  • Understand the security risks faced by web applications
  • Examine a web application for security risks
  • Interact with Java keystores
  • Sign Java JAR files
  • Implement authentication in Java EE applications
  • Implement programmatic security in Java EE applications
  • Implement transport-layer security in Java EE applications
  • Configure security realms for Java EE application servers
  • Implement code that interacts with an LDAP server 

 
Overview

The Developing Secure Web-Tier Applications Workshop course provides students with the knowledge to build web applications incorporating the Java Security Architecture to protect web site resources and authenticate users. 
  

 
Who can benefit

Java programming language developers with skills equivalent to that of a Sun Certified Web Component Developer, who are responsible for creating secure web sites. This is not a course for web page designers using Hypertext Markup Language (HTML), JavaScript technology, or other web presentation technologies. 

 

Prerequisites

  • Write Java Web Applications using Java web-tier technologies: Servlets, and JavaServer Pages (JSP)
  • Design Java applications that integrate existing Java code
  • Functionally describe the benefits of an n-tier architecture
  • Write a web page that uses HTML 

 

Related Courses 

Before

 
Course Content 

 
Security Basics

  • Describe the top 10 web-tier security risks
  • Describe key Java EE security concepts and standards
  • Describe Java EE architecture and its logical tiers
  • Describe web-tier security
  • Describe the container-based security model

 

Implementing Security Basics

  • Describe the basics of security
  • Describe keystores
  • Describe certificates

 

Implementing Declarative Security

  • Describe declarative security
  • Describe realms, users, groups,and roles
  • Compare basic and form-based authentication
  • Describe SSL

 

Implementing Programmatic Security 

  • Describe programmatic security
  • Use getRemoteUser and getUserPrincipal to implement security in server side code
  • Use isUserInRole to implement security in server- side code

 

Other Security Realms

  • Describe the other realms available in the Application Server
  • Implement the Directory Server as a realm
  • Implement a relational database as a realm

 

Review the Top 10 Web-Tier Security Risks

  • Review the top 10 web-tier security risks in Java EE web applications
  • Describe best practices for securing Java EE web applications

Kurssprache deutsch, Unterrichtsmaterial überwiegend in englischer Sprache.