Secure Coding Java

Equip Java developers with secure-coding practices and defensive techniques to mitigate common web and API vulnerabilities across Java SE/EE applications.

Get Course Info

Audience: Developers / Team leads / Project managers

Duration: 2 days

Format: Lectures and hands-on labs (50 % – 50 %)

Overview

Focused on Java, this course covers common attacks and defenses, secure Java SE/EE coding, REST endpoint security, code signing, tools, and modern frameworks such as Vault and Consul.

Objective

Equip Java developers with secure-coding practices and defensive techniques to mitigate common web and API vulnerabilities across Java SE/EE applications.

What You Will Learn

Threat modeling (STRIDE, CVSS) and labs
OWASP Goat-labs on XSS, CSRF, session hijacking, encryption
Java SE security (mutability, scopes, thread safety, input validation)
Java EE security (role-based auth, declarative/programmatic security)
REST endpoint security with OAuth2
Code signing on Windows, macOS, Linux
Static analysis (SonarQube) & SEI CERT labs
Modern frameworks: Vault, Consul, Anthos; dynamic secrets & zero-trust

Course Details

Audience: Developers / Team leads / Project managers

Duration: 2 days

Format: Lectures and hands-on labs (50 % – 50 %)

Prerequisites:

Cybersecurity awareness • Comfortable developing code in Java

Setup: Local IntelliJ highly recommended (backup cloud lab available) • Chrome browser

Detailed Outline

STRIDE
CVSS
Lab

XSS
Session hijacking
Malicious file execution

Object mutability
Scopes
Thread safety
Exception handling

Role-based auth
Security constraints
Programmatic vs declarative

OAuth2
Best practices

Overview & platforms

Audits/logs
Static analysis (SonarQube)

Vault, Consul, Anthos
Zero-trust, AI