DEVELOPER 541

Secure J2EE Development: Data Validation Module

Please see the specific event details for Faculty Information.
6 CPE Credits

Laptop RequiredFree

This long-awaited class is for Java Enterprise Edition developers who are serious about security. Move beyond simply knowing about attacks, and into secure techniques that allow you to protect your applications. Don't just listen to somebody tell you what's secure: learn how to implement input validation and output encoding with actual hands-on programming examples. Be a master of all things validation by being able to adapt to different Java technologies. Learn how to effectively build validation into your applications and prevent against Cross-site Scripting (XSS), Cross-site Request Forgery (CSRF), SQL injection, HTTP response splitting, and other data-validation style attacks. This one-day class covers:

• Regular expressions
• Servlet filtering
• HTML encoding
• Struts validation
• Anti CSRF tokens and CAPTCHA
• Prepared statements
• Stored procedures
• Database connection string encryption
• Aspect oriented programming (AOP) for input validation

Author Statement

After having taught hundreds of developers on application security, I've learned what works in teaching this important subject. Developers need to be intellectually challenged with exercises; they need a variety of solutions that they can apply to a single problem in different scenarios. By giving our students concrete examples of applications that they can take back with them, class attendees will be armed with strong validation techniques that they can apply to both current and future projects. By knowing how input validation attacks work and how to stop them, developers will have the tools necessary to prevent over 75% of web application attacks. Take part in this groundbreaking class and arm yourself with the knowledge to protect your Java applications.
-Rohit Sethi and Nish Bhalla