Java EE : PCI DSS Web Security Compliance Training Course
| Course code: |
SECJEE |
| Details: |
|
| Onsite | Enquire about bringing this course to your offices |
| Who should attend: |
Web Developers who need to learn about and implement the guidelines on Payment Card Industry (PCI) Compliance |
| Prerequisite skills: |
Experience of developing data-driven web applications (Java EE, J2EE / Java EE, PHP etc) |
Clients who have attended this course include
Course Outline
This course will provide delegates with a sound understanding of current Payment Card Industry Secure Data Security Standards for building secure applications in the Java EE Framework
Course Content
This course has been developed for real-world, commercial scenarios by our expert instructors. See below for detailed syllabus. If you have a technical question, please email sales@jbinternational.co.uk
What you will learn
1. Security Principles
2. An understanding of OWASP and PCI DSS
3. Writing compliant Java code
4. How to test security
5. How to build privacy into you application
6. How to secure installations
7. How to write secure documentation and error messages.
PCI 1.2 Compliance for Java EE
Secure Development Overview
Case Studies
The Need for Secure Systems
Trustworthy Computing
Proactive Security Development
Security Principles
Threat Modelling
PCI DSS v1.2
What’s new?
PCI DSS and OWASP
Common misconceptions
OWASP
What is OWASP?
Current OWASP Top Ten
Java EE with PCI DSS 6.5
6.5.1 Cross-site scripting (XSS)
- Understanding XSS
- Validate Requests in Java EE
- Validating all parameters before use
6.5.2 Injection flaws
- Understanding SQL injection.
- Understanding LDAP and Xpath injection flaws as well as other injection flaws.
- JDBC and SQL Injection
- Validating input to verify user data cannot modify meaning of commands and queries
6.5.3 Malicious file execution
- Validating input to verify application does not accept filenames or files from users.
- Using the File upload control
- Flash, Java, ActiveX and Silverlight
6.5.4 Insecure direct object references
- Avoiding exposing internal object references to users.
- Using Code Access Security in Java EE
- Understanding Java EE Trust levels
6.5.5 Cross-site request forgery
- Understanding Cross-site request forgery (CSRF)
- Dealing with authorization credentials and tokens automatically submitted by browsers
- Cross site service security policies for Silverlight and Flash
6.5.6 Information leakage and improper error handling
- Avoiding leaking information via error messages or other means.
- Java EE exception handling
- Exception handling patterns
6.5.7 Broken authentication and session management
- Authenticating users and protect account credentials and session tokens.
- Java EE membership system
- Understanding & configuring Java EE Session state
6.5.8 Insecure cryptographic storage
- Preventing cryptographic flaws.
- Using cryptography in Java
6.5.9 Insecure communications
- Properly encrypting all authenticated and sensitive communications.
- Understanding secure communications in Java EE and XML Web Services
6.5.10 Failure to restrict URL access
- Consistently enforcing access control in presentation layer and business logic for all URLs.
- Using the Java EE membership system.
