Secure Coding in Java

2 days Online / Zoom English Certificate 15 people max Victor Rentea €7500 ~~9375~~

A practical workshop covering core cryptography and web security, OWASP top attacks with Spring fixes, and in-depth authentication and authorization using Spring Security framework.

Introduction

This training is for you if you've experienced security incidents in production, received a pen-test or audit and want to prevent recurring issues, or if your project requires early attention to security due to its sensitive nature. It's also suitable if you're seeking a review of your team's secure coding practices. Prior exposure to security concerns is recommended.

Agenda

Securing Applications with Spring

Authentication: Form Login, Basic, API Token, Pre-Auth headers, JWT token
Function-Level Authorization: URL-patterns and annotations, Role- vs Authority- based
Spring Security Architecture, writing a custom filter, debugging
Object-Level Authorization: data jurisdiction, permission evaluator, data visibility
Unit-Testing Backend Authorization

OAuth2

Tokens, Actors, Front- vs Back- channel, Single-Sign On (SSO)
Flows: Authorization Code, Client Credentials, Implicit Flow Authorization Code+PKCE
Social Login (eg “login with Google”), OpenID Connect
Workshop: Spring OAuth using KeyCloak
[optional deep-dive] Example attacks on OAuth; dissecting the exchanges (2 hours)

Victor is a Java Champion, Java Enterprise Architect, and Independent Trainer, delivering intense masterclasses for companies worldwide since 2014. He is passionate about software architecture, clean code, refactoring, and unit testing. He is a regular speaker at top international conferences. He's also the founder of the Bucharest Software Craftsmanship Community with 4000 members.

🎉 Request training for your team →