Secure Developer Java (Inc OWASP) Training Course

Building a secure networked application can be challenging, even for developers who have previously worked with various cryptographic components such as encryption and digital signatures. To help participants grasp the role and application of these cryptographic primitives, the course first establishes a solid foundation covering the core requirements of secure communication—secure acknowledgment, integrity, confidentiality, remote identification, and anonymity. It also explores typical issues that can compromise these requirements, along with real-world solutions.

As cryptography is a critical pillar of network security, the course examines key algorithms in symmetric cryptography, hashing, asymmetric cryptography, and key agreement. Rather than delving into complex mathematical theory, these topics are presented from a developer's perspective, featuring practical use cases and considerations such as the implementation of public key infrastructures. The course introduces security protocols across various domains of secure communication, with in-depth coverage of widely used protocol families like IPSEC and SSL/TLS.

Common cryptographic vulnerabilities are examined, including those affecting specific algorithms and protocols such as BEAST, CRIME, TIME, BREACH, FREAK, Logjam, Padding Oracle, Lucky Thirteen, POODLE, and the RSA timing attack. For each vulnerability, practical implications and potential consequences are outlined, again avoiding deep mathematical detail.

Finally, as XML plays a central role in data exchange for networked applications, the course addresses XML security. This includes the use of XML in web services and SOAP messages, along with protective measures such as XML signature and XML encryption. It also highlights weaknesses in these protections and XML-specific security threats, including XML injection, XML External Entity (XXE) attacks, XML bombs, and XPath injection.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Understand the requirements of secure communication
• Learn about network attacks and defenses at different OSI layers
• Have a practical understanding of cryptography
• Understand essential security protocols
• Understand some recent attacks against cryptosystems
• Get information about some recent related vulnerabilities
• Understand security concepts of Web services
• Get sources and further readings on secure coding practices

Audience

Developers, Professionals

Developing secure C and C++ applications demands stringent defences against malicious exploitation, memory corruption, and the bypass of input validation. This course explores common vulnerability patterns, such as buffer overflows, use-after-free errors, integer overflows, and type confusion. Participants will implement secure coding guidelines, utilise static analysis tools, and apply defensive programming techniques to mitigate weaknesses, enforce rigorous input sanitization, and produce robust software that withstands cyberattacks.

Even seasoned Java programmers often don't fully grasp the full range of security services provided by Java, nor are they always aware of the various vulnerabilities that affect web applications written in Java.

Alongside introducing the security components of Standard Java Edition, this course addresses security issues within Java Enterprise Edition (JEE) and web services. The discussion of specific services is grounded in the fundamentals of cryptography and secure communication. Through a variety of exercises, participants explore declarative and programmatic security techniques in JEE, while also covering both transport-layer and end-to-end security for web services. The practical application of all these components is demonstrated through several hands-on exercises, allowing participants to test the discussed APIs and tools themselves.

The course also examines and explains the most common and severe programming flaws in the Java language and platform, as well as web-related vulnerabilities. Beyond typical bugs made by Java programmers, the security vulnerabilities covered include both language-specific issues and problems arising from the runtime environment. All vulnerabilities and their corresponding attacks are demonstrated through easy-to-understand exercises, followed by recommended coding guidelines and possible mitigation techniques.

Participants attending this course will

• Understand the basic concepts of security, IT security, and secure coding
• Learn about web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
• Understand the security concepts of web services
• Learn to utilise various security features of the Java development environment
• Develop a practical understanding of cryptography
• Understand the security solutions offered by Java EE
• Learn about typical coding mistakes and how to avoid them
• Gain information about some recent vulnerabilities in the Java framework
• Acquire practical knowledge in using security testing tools
• Receive sources and further reading recommendations on secure coding practices

Audience

Developers

Apache Groovy is a dynamic programming language for the JVM (Java Virtual Machine). Its features include scripting capabilities, Domain-Specific Language authoring, runtime and compile-time meta-programming, and functional programming. Groovy is often used as a complement to Java.

In this instructor-led, live training, participants will learn how to program in Groovy by stepping through the creation of a sample application.

Audience

• Developers

Course Format

• Part lecture, part discussion, with exercises and extensive hands-on practice

This instructor-led, live training in New Zealand (online or onsite) is aimed at beginner-level developers who wish to learn the fundamentals of Groovy programming.

By the conclusion of this training, participants will be able to:

• Grasp the foundational concepts of programming.
• Write simple Groovy scripts and leverage core Groovy features.
• Understand and apply the basic principles of object-oriented programming using Groovy.
• Learn essential error-handling techniques to manage common programming errors and exceptions in Groovy.

This instructor-led, live training in New Zealand (online or onsite) is designed for intermediate-level Java developers who wish to design, develop, deploy, and maintain microservices-based applications using Java frameworks such as Spring Boot and Spring Cloud.

By the conclusion of this training, participants will be able to:

• Understand the core principles and benefits of microservices architecture.
• Build and deploy microservices using Java and Spring Boot.
• Implement service discovery, configuration management, and API gateways.
• Secure, monitor, and effectively scale microservices.
• Deploy microservices using Docker and Kubernetes.

This instructor-led, live training in New Zealand (available online or onsite) is tailored for intermediate to advanced developers seeking to master the development of microservices using Spring Boot, Docker, and Kubernetes.

By the end of this training, participants will be able to:

• Comprehend microservices architecture principles.
• Build production-ready microservices using Spring Boot.
• Understand the critical role of Docker in containerising microservices.
• Configure Kubernetes clusters to deploy and orchestrate microservices.

This instructor-led, live training in New Zealand (delivered online or on-site) is aimed at developers who wish to leverage Quarkus to build, test, and deploy Java-powered applications with reduced resource utilisation.

By the end of this training, participants will be able to:

• Set up the necessary development environment to begin building applications with Quarkus.
• Build, compile, and run applications in native mode using GraalVM.
• Leverage Quarkus tooling and extensions to create native applications using Maven.
• Containerise, execute, and deploy applications using Docker.

This instructor-led, live training in New Zealand (online or onsite) is aimed at intermediate to advanced-level developers and architects who wish to develop Java native applications and microservices using Quarkus, with a focus on optimised memory usage and rapid startup times.

By the end of this training, participants will be able to:

• Develop high-performance, lightweight Java native applications using Quarkus.
• Build and deploy RESTful services and microservices architectures.
• Use GraalVM for native compilation and optimise startup and memory efficiency.
• Package and containerise applications for Kubernetes and OpenShift environments.

This instructor-led, live training in New Zealand (online or on-site) is intended for software architects and web developers who wish to use RabbitMQ as a messaging middleware and develop Java applications using Spring.

By the end of this training, participants will be able to:

• Use Java and Spring with RabbitMQ to build applications.
• Design asynchronous, message-driven systems using RabbitMQ.
• Create and configure queues, topics, exchanges, and bindings in RabbitMQ.

This instructor-led, live training in New Zealand (online or on-site) is tailored for web developers who aim to build functional front-end and back-end web applications using Spring Boot, React, and Redux.

By the end of this training, participants will be able to:

• Build a front-end application using React and Redux.
• Create RESTful APIs with Spring Boot.
• Secure web services using Spring Security and JWT web tokens.

This instructor-led, live training in New Zealand (online or on-site) is designed for Java developers who wish to use the Spring 5 framework to develop and deploy enterprise-grade web applications.

By the end of this training, participants will be able to:

• Install and configure Spring 5.
• Understand and implement the latest features of Spring 5.
• Access databases using Spring applications.
• Utilise the new reactive web framework, WebFlux, to build reactive applications.
• Integrate Spring applications with legacy Java EE systems.
• Test and deploy enterprise-grade Spring applications.

Spring is a comprehensive Java framework that simplifies enterprise application development by providing powerful dependency injection, modular architecture, and streamlined configuration options.

This instructor-led, live training (online or on-site) is designed for beginner-level Java developers who wish to build modern, production-ready web applications using the latest version of the Spring Framework and Spring Boot 3.5.5 with Java 21.

By the end of this training, participants will be able to:

• Understand Spring's core principles, including IoC, DI, and AOP.
• Configure Spring applications using XML, annotations, and JavaConfig.
• Develop RESTful services using Spring Boot and JPA.
• Implement CRUD operations, manage transactions, and handle data persistence.
• Utilise advanced Spring features such as profiles, exception handling, and data serialisation.

Course Format

• A brief theoretical introduction followed by extensive practical exercises.
• Hands-on implementation using real-world examples.
• Interactive discussion and guided troubleshooting.

Course Customisation Options

• To request a customised training session for this course, please contact us to arrange.

Spring WebFlux is a reactive programming module within the Spring Framework, designed to build non-blocking, event-driven web applications.

This instructor-led, live training (available online or on-site) is tailored for beginner to intermediate-level Java developers who want to build scalable and responsive applications using Spring WebFlux.

By the end of this training, participants will be able to:

• Grasp the fundamentals of reactive programming with Project Reactor.
• Build and test non-blocking RESTful APIs using Spring WebFlux.
• Integrate WebFlux with databases and external services.
• Apply reactive patterns to real-world application scenarios.

Course Format

• Interactive lectures and discussions.
• Plenty of exercises and hands-on practice.
• Practical implementation in a live lab environment.

Course Customisation Options

• To request a customised version of this course, please contact us to arrange.

This instructor-led, live training in New Zealand (online or on-site) is tailored for developers who wish to leverage WebFlux to develop and deploy reactive applications.

By the conclusion of this training, participants will be able to:

• Install and configure Spring 5 and the WebFlux framework.
• Develop reactive applications and services.