Securing Java Web Services is a lab-intensive, hands-on JEE security training course, essential for experienced enterprise developers who need to produce secure JEE-based web services. In addition to teaching basic programming skills, this course digs deep into sound processes and practices that apply to the entire software development lifecycle.

Course Access

Unlimited Duration

Last Updated

March 11, 2021

The Securing Java Web Services course will help you learn the skills required to recognize actual and potential software vulnerabilities, implement defenses for those vulnerabilities, and test those defenses for sufficiency. This course quickly introduces developers to the most common security vulnerabilities faced by web applications today. In this course you will learn to:

· Understand the consequences of not properly handling untrusted data, such as denial of service, cross-site scripting, and injections

· Be able to test web applications with various attack techniques to determine the existence of and effectiveness of layered defenses

· Prevent and defend the many potential vulnerabilities associated with untrusted data

· Understand the concepts and terminology behind supporting, designing, and deploying secure services

· Appreciate the magnitude of the problems associated with service security and the potential risks associated with those problems

· Understand the currently accepted best practices for supporting the many security needs of services

· Understand the vulnerabilities associated with authentication and authorization within the context of web services

· Be able to detect, attack, and implement defenses for authentication and authorization functionality

· Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks

· Be able to detect, attack, and implement defenses against XSS and Injection attacks

· Understand the concepts and terminology behind defensive, secure coding

· Understand the use of Threat Modeling as a tool in identifying software vulnerabilities based on realistic threats against meaningful assets

· Perform both static code reviews and dynamic application testing to uncover vulnerabilities in Java-based web services

· Design and develop strong, robust authentication and authorization implementations within the context of JEE

· Understand the fundamentals of XML Digital Signature as well as how it can be used as part of the defensive infrastructure for web services

· Understand the fundamentals of XML Encryption as well as how it can be used as part of the defensive infrastructure for web services

· Understand and defend vulnerabilities that are specific to XML and XML parsers

Course Curriculum

    • Why Hunt Bugs?
    • Safe and Appropriate Bug Hunting/Hacking
    • Removing Bugs
    • Principles of Information Security
    • Service Challenges
    • Services and Security
    • Defending Web Services
    • Defending Rich Interfaces and REST
    • Unvalidated Data
    • Injection
    • Broken Authentication
    • Sensitive Data Exposure
    • XML External Entities (XXE)
    • Broken Access Control
    • Security Misconfiguration
    • Cross Site Scripting (XSS)
    • Deserialization/Vulnerable Components
    • Insufficient Logging and Monitoring
    • Spoofing, CSRF, and Redirects
    • What Next?
    • Cryptography Overview

    Course Reviews

    ashar hafeez



    © 2021 Ernesto.  All rights reserved.