Secure Developer Java (Inc OWASP) Training Course

Implementing a secure networked application can be challenging, even for developers who have prior experience with various cryptographic building blocks (such as encryption and digital signatures). To ensure participants grasp the role and application of these cryptographic primitives, the course begins by establishing a solid foundation on the core requirements of secure communication – including secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also highlights typical issues that can compromise these requirements alongside real-world solutions.

Since cryptography is a critical aspect of network security, the course covers the most important algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than focusing on in-depth mathematical theory, these topics are explored from a developer's perspective, featuring typical use-case examples and practical considerations such as public key infrastructures. Security protocols used in various aspects of secure communication are introduced, with a detailed discussion on widely adopted protocol families like IPSEC and SSL/TLS.

The course examines typical cryptographic vulnerabilities associated with specific algorithms and protocols, such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding oracle, Lucky Thirteen, POODLE, and RSA timing attacks. For each issue, practical considerations and potential consequences are described, avoiding deep mathematical details.

Finally, as XML technology is central to data exchange in networked applications, the course describes its security aspects. This includes using XML within web services and SOAP messages, along with protection measures like XML signature and XML encryption. It also addresses weaknesses in these protection measures and XML-specific security issues such as XML injection, XML external entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security, and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses across different OSI layers
• Gain a practical understanding of cryptography
• Understand essential security protocols
• Understand recent attacks against cryptosystems
• Gain information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

Developing secure C and C++ code demands rigorous defenses against malicious exploitation, memory corruption, and input validation bypasses. This course analyzes vulnerability patterns such as buffer overflows, use-after-free errors, integer overflows, and type confusion. Participants will apply secure coding standards, static analysis tools, and defensive programming techniques to eliminate weaknesses, enforce input sanitization, and deliver hardened software that is resilient against cyberattacks.

Even seasoned Java developers often do not fully master the full range of security services provided by Java, nor are they always aware of the distinct vulnerabilities that impact web applications built with Java.

In addition to introducing the security components of Standard Java Edition, this course addresses security challenges within Java Enterprise Edition (JEE) and web services. The discussion of specific services begins with the fundamentals of cryptography and secure communication. Through various exercises, participants explore declarative and programmatic security techniques in JEE, while also covering both transport-layer and end-to-end security for web services. Participants gain hands-on experience with the discussed APIs and tools through several practical exercises.

The course also examines and explains the most common and severe programming flaws and web-related vulnerabilities associated with the Java language and platform. Beyond typical bugs made by Java developers, the identified security vulnerabilities encompass both language-specific issues and problems arising from the runtime environment. All vulnerabilities and corresponding attacks are demonstrated through clear, understandable exercises, followed by recommended coding guidelines and potential mitigation techniques.

Participants attending this course will

• Grasp the fundamental concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and understand how to avoid them
• Understand the security concepts underlying web services
• Learn to utilize various security features within the Java development environment
• Develop a practical understanding of cryptography
• Comprehend the security solutions offered by Java EE
• Identify typical coding mistakes and learn how to prevent them
• Gain information on recent vulnerabilities in the Java framework
• Acquire practical knowledge in using security testing tools
• Access resources and further reading materials on secure coding practices

Audience

Developers

Apache Groovy is a dynamic programming language for the JVM (Java Virtual Machine). Its key features encompass scripting capabilities, Domain-Specific Language creation, runtime and compile-time metaprogramming, and support for functional programming. Groovy is commonly utilized as a complementary language to Java.

Through this instructor-led live training, participants will learn to program in Groovy by guiding them through the development of a sample application.

Audience

• Developers

Format of the course

• A mix of lectures, discussions, exercises, and intensive hands-on practice

This instructor-led, live training in Turkey (online or onsite) is designed for beginner-level developers who wish to learn the basics of Groovy Programming.

By the end of this training, participants will be able to:

• Comprehend fundamental programming concepts.
• Write simple Groovy scripts and leverage core Groovy features.
• Understand and apply basic object-oriented programming principles using Groovy.
• Learn fundamental error-handling techniques to manage common programming errors and exceptions in Groovy.

This instructor-led, live training in Turkey (online or onsite) is aimed at intermediate-level Java developers who wish to design, develop, deploy, and maintain microservices-based applications using Java frameworks like Spring Boot and Spring Cloud.

By the end of this training, participants will be able to:

• Understand the principles and benefits of microservices architecture.
• Build and deploy microservices using Java and Spring Boot.
• Implement service discovery, configuration management, and API gateways.
• Secure, monitor, and scale microservices effectively.
• Deploy microservices using Docker and Kubernetes.

This instructor-led live training in Turkey (available online or onsite) is tailored for intermediate to advanced developers looking to master microservices development using Spring Boot, Docker, and Kubernetes.

By the end of this training, participants will be able to:

• Comprehend microservices architecture principles.
• Build production-ready microservices using Spring Boot.
• Understand the critical role of Docker in containerizing microservices.
• Configure Kubernetes clusters to deploy and orchestrate microservices.

This instructor-led live training in Turkey (online or on-site) is designed for developers who wish to use Quarkus to build, test, and deploy applications that are fully Java-powered but more resource-efficient.

By the end of this training, participants will be able to:

• Set up the necessary development environment to start developing applications with Quarkus.
• Build, compile, and run applications in native mode using GraalVM.
• Utilize Quarkus tooling and extensions for building native applications using Maven.
• Containerize, execute, and deploy applications with Docker.

This instructor-led, live training in Turkey (online or onsite) is aimed at intermediate-level to advanced-level developers and architects who wish to develop Java native applications and microservices using Quarkus with optimized memory usage and startup time.

By the end of this training, participants will be able to:

• Develop high-performance, lightweight Java native applications using Quarkus.
• Build and deploy RESTful services and microservices architectures.
• Use GraalVM for native compilation and optimize startup and memory efficiency.
• Package and containerize applications for Kubernetes and OpenShift environments.

This instructor-led, live training in Turkey (online or onsite) is aimed at software architects and web developers who wish to use RabbitMQ as a messaging middle-ware and program in Java using Spring to build applications.

By the end of this training, participants will be able to:

• Use Java and Spring with RabbitMQ to build applications.
• Design asynchronous message driven systems using RabbitMQ.
• Create and apply queues, topics, exchanges, and bindings in RabbitMQ

This instructor-led live training in Turkey (online or onsite) is targeted at web developers who wish to build functional front-end and back-end web applications with Spring Boot, React, and Redux.

By the end of this training, participants will be able to:

• Build a front-end application with React and Redux.
• Create RESTful APIs with Spring Boot.
• Secure web services with Spring security and JWT web tokens.

This instructor-led live training, available in Turkey (online or onsite), is tailored for Java developers who intend to utilize the Spring 5 framework to develop and deploy enterprise web applications.

By the conclusion of this training, participants will be able to:

• Install and set up Spring 5.
• Comprehend and apply the newest features of Spring 5.
• Connect to databases using Spring applications.
• Leverage the new reactive web framework, WebFlow, to build reactive applications.
• Integrate Spring applications with legacy Java EE systems.
• Test and deploy enterprise-grade Spring applications.

Spring serves as a robust Java framework designed to streamline enterprise application development by offering powerful dependency injection, a modular architecture, and simplified configuration capabilities.

This instructor-led live training, available both online and on-site, targets beginner Java developers aiming to construct modern, production-ready web applications utilizing the latest Spring Framework and Spring Boot 3.5.5 alongside Java 21.

Upon completing this training, participants will be capable of:

• Grasping the core principles of Spring, including Inversion of Control (IoC), Dependency Injection (DI), and Aspect-Oriented Programming (AOP).
• Configuring Spring applications through XML, annotations, and JavaConfig.
• Developing RESTful services leveraging Spring Boot and JPA.
• Implementing CRUD operations, managing transactions, and handling data persistence.
• Utilizing advanced Spring features such as profiles, exception handling, and data serialization.

Course Format

• A concise theoretical overview followed by extensive practical exercises.
• Hands-on implementation grounded in real-world scenarios.
• Interactive discussions and guided troubleshooting sessions.

Customization Options

• To arrange a customized training session for this course, please contact us directly.

Spring WebFlux is a reactive programming module within the Spring Framework, specifically crafted for developing non-blocking, event-driven web applications.

This instructor-led live training, available both online and onsite, targets beginner to intermediate Java developers who aim to construct scalable and responsive applications leveraging Spring WebFlux.

Upon completion of this training, participants will be capable of:

• Grasping the core concepts of reactive programming using Project Reactor.
• Developing and testing non-blocking RESTful APIs with Spring WebFlux.
• Integrating WebFlux with databases and third-party services.
• Applying reactive patterns to practical application scenarios.

Course Format

• Interactive lectures accompanied by discussions.
• Extensive exercises and practical practice sessions.
• Hands-on implementation within a live lab environment.

Customization Options

• For a customized training session tailored to your needs, please reach out to us to arrange it.

This instructor-led, live training in Turkey (online or onsite) is aimed at developers who wish to use WebFlux to develop and deploy reactive applications.

By the end of this training, participants will be able to:

• Install and configure Spring 5 and the WebFlux framework.
• Develop reactive application and services.