The course provides developers with practical guidance for developing Java programs that are robust and secure. Material in this presentation was derived from the Addison-Wesley book The CERT Oracle Secure Coding Standard for Java and is supported by the Secure Coding Rules for Java LiveLessons video series. Participants should come away from the course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors.
In particular, participants will learn how to:
• Explain the need for secure coding
• Follow fundamental secure coding guidelines
• Validate and sanitize data
• Explain the Java Security Model
• Predict how the numerical types behave in Java
• Avoid pitfalls in the use of characters and strings
• Securely process input and output
Moreover, the course encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s.
You will need to bring a laptop with 100 MB or more of free hard disk space and the following software installed:
- Java SE Development Kit 8
- Eclipse IDE for Java Developers or another Java 8 compatible IDE
- Adobe Reader
You should clone the course exercises, demos, and examples from https://github.com/rcseacord/JavaSCR.git prior to the class. Make sure that you have imported the code into your IDE and that you can build and test the sample programs.
The books “The CERT Oracle Secure Coding Standard for Java” and “Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs”, both authored by Robert C. Seacord and published by Addison-Wesley, can be purchased in advance at InformIT. If you want to prepare for the class, review chapters 1-8 of The CERT Oracle Secure Coding Standard for Java, which are the chapters we will be covering.