ASERT LOGO Advanced Software Engineering, Research and Training
Leading-Edge Courseware, Highly-Skilled Experienced Instructors
About ASERT
Home, Contact Us, Training Courses, Services, Products, Publications, Employment
Training
Training Calendar Java Curriculum, Internet and Web Curriculum, XML and Web Services Curriculum, Linux Curriculum, Database Curriculum, Security Curriculum,
Security Curriculum
Internet Security for Managers, Internet Security for Managers, Java Security Programming for Developers

SC202: Java Security Programming For Developers (2-3 days)

Course Overview

Java Security Programming for Developers is an intensive two or three-day course aimed at IT developers who need to program secure applications in Java. If you want to understand and implement software that includes cryptography, keystores, digital signatures and encryption, then this course is for you.

If you are responsible for the development of secure online services, have recently found the need to understand security techniques in more detail, then this course is for you.

If you are responsible for undertaking the planning or deployment of an online service, then this course is for you.

Audience

Software Developers, Designers and Architects with an interest in developing secure applications.

What to Expect

This is an intermediate-level course; attendees are expected to be experienced in Java programming and have an understanding of their security requirements, but are not expected to be security experts or to have previous security development experience.

Course Topics

  • Introduction to Cryptography Concepts (theory)
    • Hashing
    • Keyed MACs
    • Digital Signing
    • Keys (public/private)
    • Keys (symmetric)
    • Encryption
  • Java Security
    • Java Security Architecture (JSA)
    • Sandbox
    • Security Managers
    • Security Policy
    • Java Cryptography Architecture (JCA)
  • Programming with Java Cryptography Architecture
    • APIs
    • Message digests and Digital Signing
  • Message Digest Exercise
    • Multiple algorithms
    • Fixed output size
    • Input change vs. output change
  • Further Cryptography Concepts and PKI (theory)
    • Certificates and certificate chains
    • The concept of Trust
    • Crypto providers
  • Java Keystores and Key Generation Exercise
    • Certificate generation (Verisign, web browser, and your code!)
    • Exporting to PKCS#12
    • PKCS#10 signing (Verisign, Microsoft certificate services)
    • Generate keystore (keystore formats)
    • Importing from PKCS#12
  • Authentication and Digital Signatures Exercise
    • Digital signing
    • Private key from keystore
    • Signing data
    • Signature Verification
    • Public key (or cert)
    • Certification details
    • Verification
  • Programming with Java Cryptography Extensions (theory)
    • Keyed MACs
    • Ciphers
  • Authentication and Keyed MACs Exercise
    • Shared MAC key
    • MAC data
  • Sockets overview, SSL/TLS, JSSE and Transport-Layer Security
    • Sockets and httpsUrlConnection
    • Revision of trust
    • Connecting to web server (server-side authentication)
    • Configuring web server to use client authentication and trust client CA
    • Connect with client authentication
    • Display resulting HTML
  • Conclusion

 
Terms and Conditions governing the use of this Web site. ASERT Privacy Policy. © 1998-2007 ASERT Consulting. All rights reserved.