
Training - Secure Coding in Java

This two-day training course teaches developers how to write secure Java code. The course covers common programming errors that lead to vulnerabilities, how to validate and sanitize data, and the Java security model. Attendees will learn best practices for secure input/output handling and how to avoid numeric and string issues. The goal is for developers to adopt a security mindset to protect software from current and future attacks. The course is led by an expert in secure coding and assumes basic Java skills. Students must bring a laptop with Java SDK and Eclipse IDE installed. Course materials include books on Java coding guidelines and the Oracle secure coding standard.

Uploaded by

tapion_sol

Training: Secure Coding in Java

NCC Group offers the most effective secure coding training available based on years of experience reviewing client source code and improving the security of the software they develop.

Course Overview

NCC Group assists enterprises and product companies in improving the security of the software they develop. We help to improve security during project design, implementation, testing and also once software is released or running in a production environment.

Our services include application code review where NCC Group consultants identify security flaws including: missing or invalid input validation, improper data sanitisation, conversion errors, numeric errors, logical errors and invalid assumptions and recommend specific fixes and general secure coding practice improvements. Often the best time to eliminate these problems is during development.

We also offer secure coding training courses to help developers develop a security mindset and eliminate security flaws before they are created.

The two-day instructor-led Secure Coding for Java course provides developers with practical guidance for developing Java programs that are robust and secure.

Material in this presentation was derived from the Addison-Wesley book The CERT Oracle Secure Coding Standard for Java and is supported by the Secure Coding Rules for Java LiveLessons videos.

Learning Objectives

Participants should come away from the course with a working knowledge of common programming errors that lead to software vulnerabilities, how these errors can be exploited and effective mitigation strategies for preventing the introduction of these errors.

In particular, participants will learn how to:

• Explain the need for secure coding
• Follow fundamental secure coding guidelines
• Validate and sanitize data
• Explain the Java Security Model
• Predict how the numerical types behave in Java
• Avoid pitfalls in the use of characters and strings
• Securely process input and output

Moreover, the course encourages programmers to adopt security best practices and develop a security mindset that can help protect software from tomorrow’s attacks, not just today’s.

Requirements

The course assumes basic Java programming skills but does not assume an in-depth knowledge of software security.

The course is designed primarily for Java SE 8 developers but should also be useful to developers using older versions of the SE platform as well as Java EE and ME developers. Course demos and solutions to exercises are presented using the Eclipse IDE but students are free to use any IDE for reviewing example code and performing exercises.

Duration

Four days and can be customised to your schedule.

Student Requirements

Some level of familiarity and efficiency in Java programming.

What to bring

A properly equipped laptop (see required equipment).

Pricing

Our pricing is competitive with other specialised training offerings on a per-seat or per-course basis.

Trainer

This courseware has been designed by Robert C. Seacord, a renowned computer scientist and author, known as the “father of secure coding.” Robert is a Principal Security Consultant with NCC Group where he works with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed.

Previously, Robert led the secure coding initiative in the CERT Division of Carnegie Mellon University’s Software Engineering Institute (SEI). Robert is also an adjunct professor in the School of Computer Science and the Information Networking Institute at Carnegie Mellon University. Robert is the author of six books, including The CERT C Coding Standard, Second Edition (Addison-Wesley, 2014), Secure Coding in C and C++, Second Edition (Addison-Wesley, 2013), and Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (Addison-Wesley, 2014). Robert is on the Advisory Board for the Linux Foundation and an expert on the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.

Required Equipment

Students must bring a personal computer equipped with the following:

• Java SE Development Kit 8 (this can be downloaded from http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html).
• Eclipse IDE for Java Developers or another Java 8 compatible IDE (this can be downloaded from https://www.eclipse.org/downloads/).
• 100MB or greater of free hard disk space.
• The latest version of Adobe Reader (this can be downloaded from http://www.adobe.com/products/acrobat/readstep2.html).

Students will receive instructions on obtaining the course exercises, demos, and examples. Before coming to class on the first day, students should ensure that these resources are available from their personal computers.

Materials Provided

The CERT Oracle Secure Coding Standard for Java and Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs books authored by Robert C. Seacord and published by Addison-Wesley will be provided. Participants will also receive a DVD containing course and reference materials.

About NCC Group

NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape.

With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.

We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.

For more information from NCC Group, please contact:

+44 (0) 161 209 5200 [email protected] www.nccgroup.trust


NCCGTSCJV10616
