View the text version of Merit Network web site.
 Merit Network
Search Merit Site | Text Version | Site Map | Log In




About Merit   Services   Network   Support & Resources   Network Research   News   Events   Home
SANS Institute's Secure Coding in Java/JEE - Merit Network, Inc.

SANS 541 Course

Register for Course
Laptop Setup Requirements
Directions to MITC

More Events





Learn Techniques for Creating Secure Applications

Merit Network is pleased to host an interactive video presentation of the SANS Institute's Developer 541 course, "Secure Coding in Java/JEE: Developing Defensible Applications." The class will be held Monday through Thursday, January 5-8, 2010, at Merit's offices in Ann Arbor. It will be of value to programmers who want to build more secure applications, as well as to others in the development process who want a deeper understanding of techniques for avoiding security vulnerabilities.
Register for this course
In this innovative presentation, the course will be delivered via interactive teleconference to several participating sites across the U.S, presented by a SANS instructor at a remote location. A full course description appears below.

The registration fee for attendees from educational institutions and state and local governments is $1495, a savings of 50% compared to the standard price of $2995 when delivered in a classroom setting. This is a unique opportunity to engage in very high-quality security training at a tremendous savings. In accordance with the SANS Institute's policies, the reduced price is available only to attendees from educational institutions and state and local governments. Others may attend for the retail price of $2,995.

Details about the course

Traditionally, great programmers have been known by the elegance, effectiveness and reliability of their code. Today, security has joined those traditional measures as an essential aspect of good coding. Institutions of all kinds now require that their development teams demonstrate mastery of secure coding skills and knowledge, often through third-party testing. For programmers and their organizations, this raises the unavoidable question, "What is meant by secure coding, and where can I learn it?"

"Secure Coding in Java/JEE" presents the skills and knowledge being measured in third-party assessments as defined in the Essential Skills for Secure Programmers Using Java/JavaEE. You can find the Essential Skills document at: http://www.sans-ssi.org/blueprint_files/java_blueprint.pdf

This is a comprehensive course covering a huge set of skills and knowledge. Rather than teaching you to use a set of tools, the course will teach concepts of secure programming. This involves looking at a specific piece of code, identifying a security flaw, and implementing a fix for that flaw.

In this course you will examine actual code, work with real tools, build applications, and gain confidence in the resources you need for the journey to improving the security of Java applications. The course features hands-on work with challenging exercises and concrete examples that you will be able to put to use immediately. You will be prepared with strong validation techniques that you can apply to protect Java applications for current and future projects.

Major topics include:
  • Input handling to ensure input from their interfaces are properly processed and validated.
  • Understanding authentication and session management and mastering authentication principals
  • Active enforcement of access control to guaranteeing the confidentiality of user data.
  • Security Implications of built-in data types and Java-specific memory management
  • Properly handling application faults.
  • Structuring multi-threaded programs securely
  • Making connections with other applications securely
  • Using JAR Sealing and J2EE Filters effectively
For complete course details, please visit SANS's full description at:
http://www.sans.org/training/description.php?mid=912

Who Should Attend?

This course is ideal for:
  • Developers who want to build more secure applications
  • Java EE programmers
  • Software engineers
  • Software architects
  • Application security auditors
  • Technical project managers
  • Senior software QA specialists
  • Penetration testers who want a deeper understanding of target applications or who want to provide more detailed vulnerability remediation options

Prerequisites

Students should have at least one year's experience working with the JEE framework and should have thorough knowledge of Java language and web technology.

Laptop requirement

Students are required to bring a laptop that has been properly configured in advance. Laptop requirements and preparation steps are given at:
Laptop Setup Requirements

About the instructor

Randy Marchany is the director of Virginia Tech's IT Security Laboratory and the university's assistant IT security officer. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. He is a member of the Center for Internet Security development team that produced and tested the CIS Solaris, HPUX, AIX, Linux and Windows2000/XP security benchmarks and scoring tools. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a consensus roadmap for responding to the DDOS attacks of 2000.

About SANS

The SANS Institute is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS also sponsored the creation of GIAC a leading industry security certification. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.

Location, times and registration

"Secure Coding in Java/JEE: Developing Defensible Applications" will be held at the Michigan Information Technology Center, 1000 Oakbrook Drive, Ann Arbor, Michigan, on Tuesday through Friday, January 5-8, 2010. Each day will begin with continental breakfast at 8:15 a.m., with the agenda beginning at 9:00 a.m. and concluding by 5:00 p.m.

Registration for attendees from educational institutions and state and local governments is $1495; others may attend for $2,995. Continental breakfast, snacks and beverages will be provided each day. Wireless Internet service is available in the classroom.

Registration is available online, and payment can be made by credit card, check, or purchase order. Registration may be canceled up to 5:00 p.m. EDT on Friday, December 18, 2009, minus a processing fee of $35. Cancellations are not available after December 18; substitutions are allowed if necessary.

Register now by using the following link:
Register for the SANS 541
For more information, please contact


More Merit Events.






Register today for this course!




Home » Events » Merit Events Archive » Special Events Archive » SANS Institute's Secure Coding in Java/JEE
Print this.
Print This
Send This.
Send This


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Widget | Merit Network Home


Copyright © 2009 Merit Network, Inc.
1000 Oakbrook Drive, Suite 200, Ann Arbor, Michigan 48104-6794
Phone: (734) 527-5700    Fax: (734) 527-5790    E-mail: