Secure Coding in Java
Duration: 2 days

Back to course list Home
Synopsis This seminar focuses on aspects of secure programming - writing applications that are not only performant, but resilient in the face of hacker attacks and tampering. Common vulnerabilities such as buffer overflows, format string attacks, directory traversals and others are explained in detail. For each, we discuss the programming anti-pattern that can lead to the error occurence, its exploitation, and ways to remediate it. The course not only shows the errors and their remediation, but also presents principles of Secure Design - which, if applied a priori, can often counteract and mitigate errors that may lurk in code.
Target Audience Developers in Java, developing applications that process sensitive data, are Internet facing, or are otherwise potentially subject to hacking (intrusion) or cracking (license-bypassing/key generation, etc.)
  • Explain Secure Design principles - Least privlege, compartmentalization, failing safely, and more
  • Explain the difference between intended and unintended functionality
  • Describe common programming faults and anti-patterns
  • Recognize the importance of input validation
  • Avoid programming pitfalls
Exercises Exercises are optional in this course, but are highly recommended. Exercises may lengthen the course by one day (i.e. to 3 days), but provide solid foundations and examples both how to secure applications, and break insecure ones.
1. Introduction
1 hours
This module explains the difference between traditional programming practices and secure ones. We introduce the Software Development LifeCycle (SDLC), and explain how security can and must be built into each and every one of its phases.
2. Vulnerabilities
2 hours
When does an innocent programming bug turn into a far-reaching vulnerability? This module discusses in detail the difference between functional bugs and security vulnerabilities, by defining the vulnerability classes and going into actual case-studies of specific vulnerabilities - that could have all been remediated with an ounce of forethought.
3. Improper file handling
2 hours
The nooks and crannies of handling files as input:
  • Temporary files - secure creation and deletion of temporary files
    • Directory Traversals - escaping the application's working directory to gain access to other files
      • Race Conditions - Time-of-Check-Time-of-Use (TOCTOU) with files
        • Alternates - Symbolic Links, Alternate Data Streams, reserved files and other complications when creating files
          4. Lost in translations
          2 hours
          The painful pitfalls of mixing languages and technologies, especially in the dynamic construction of strings:
          • Command Injection - How insecure shell escapes lead to compromise
            • Script Inection - How impromper output escaping leads to Javascript injection and Cross-Site Scripting (XSS)
              • SQL Inection - How insecure construction of SQL strings leads to information leakage, privilege escalation - or total system compromise.
                5. Crypto-foibles
                2 hours
                The common pitfalls of using cryptography and random numbers
                  • Insecure storage - How not to store passwords and other secrets
                    • Insufficient randomness - Why Math.random() and its counterparts are bad
                      • Maintaining sessions - How to correctly generate session identifiers, token, GUIDs, etc..
                        6. Java specific Attacks
                        2 hours
                        Java, being a high-lever, virtual machine based language, is resistant to many C/C++ pitfalls - but is with no shortage of its own faults. Here, we cover
                        • Java - Class Trojaning
                          • Reverse Engineering
                            • Serialization attacks
                              • Posion Null Byte attacks
                                • Java best practices
                                  *. Threat Modeling (Optional)
                                  2 hours
                                  Recommended for designers and system architects, this module provides an introduction to threat modeling - the process of considering potential attacks in the design phase as gedanken experiments. Constructing attack trees and using methodologies such as Microsoft's STRIDE and DREAD
                                  *. Security Testing (Optional)
                                  2 hours
                                  Recommended for QA testers, this module presents security testing, and how it both differs from and complements functional testing. Topics include:
                                  • Security testing vs. functional (QA) testing
                                    • Crafting abuse cases
                                      • Input malformation and permutations
                                        • Fuzzing specifics - text, JSON, XML, and binary data