AppSec USA 2016 has ended
Wednesday, October 12 • 9:00am - 5:00pm
Training Session - Secure Coding in Java Day 2 (2 Day)


The course provides developers with practical guidance for developing Java programs that are robust and secure. Material in this presentation was derived from the Addison-Wesley book The CERT Oracle Secure Coding Standard for Java and is supported by the Secure Coding Rules for Java LiveLessons video series. Participants should come away from the course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited, and effective mitigation strategies for preventing the introduction of these errors.
In particular, participants will learn how to:
• Explain the need for secure coding
• Follow fundamental secure coding guidelines
• Validate and sanitize data
• Explain the Java Security Model
• Predict how the numerical types behave in Java
• Avoid pitfalls in the use of characters and strings
• Securely process input and output
Moreover, the course encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s.

You will need to bring a laptop with 100MB or greater of free hard disk space and the following software installed:

  • Java SE Development Kit 8
  • Eclipse IDE for Java Developers or another Java 8 compatible IDE
  • Adobe Reader

You should clone the course exercises, demos, and examples from https://github.com/rcseacord/JavaSCR.git prior to the class.  Make sure that you have imported the code into your IDE and that you can build and test the sample programs.

“The CERT Oracle Secure Coding Standard for Java” and “Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs” books authored by Robert C. Seacord and published by Addison-Wesley can be purchased in advance at InformIT.  We will be covering chapters 1-8 of The CERT Oracle Secure Coding Standard for Java in class, if you want to prepare by reviewing these chapters.


 

Speakers

Robert Seacord

Principal Security Consultant, NCC Group
I work with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed. Previously, I led the secure coding initiative in the CERT Division of Carnegie Mellon University’s Software Engineering Institute...


Wednesday October 12, 2016 9:00am - 5:00pm EDT
Meeting Room 11