Combined C/C++, Java and Web Application Security

Combined C/C++, Java and Web Application Security Course Description

Duration: 4.00 days (32 hours)

Price: $1,999.00

To serve heterogeneous development groups that use several platforms side by side in their everyday work, this course merges secure coding topics from different platforms into a single training event, presented in a didactic sequence. It combines C/C++ and Java platform security to build extensive, cross-platform secure coding expertise.

Next Class Dates

Contact us to customize this class with your own dates, times and location. You can also call 1-888-563-8266 or chat live with a Learning Consultant.


Intended Audience for this Combined C/C++, Java and Web Application Security Course

  • » This course is designed for C/C++ developers, software architects and testers who develop products that make extensive use of native code.


Course Prerequisites for Combined C/C++, Java and Web Application Security


Combined C/C++, Java and Web Application Security Course Objectives

  • » On the C/C++ side, common security vulnerabilities are discussed and backed by practical exercises on the attack methods that exploit them, with the focus on mitigation techniques that prevent these dangerous bugs from being introduced, detect them before release, or prevent their exploitation.
  • » On the Java side, the platform's security components and services are discussed by presenting the different APIs and tools through a number of practical exercises in which participants gain hands-on experience using them. The course also covers the security issues of Web services and the related Java services that can be applied against the most pressing threats to Internet-based services. Finally, web- and Java-related security vulnerabilities are demonstrated through easy-to-understand exercises that show not only the root cause of each problem but also the attack methods, along with the recommended mitigation and coding techniques that avoid the associated security problems.


Combined C/C++, Java and Web Application Security Course Outline

      1. IT security and secure coding:
      2. General security vs. IT security
      3. IT security related terms
      4. Definition of risk
      5. Specialty of information technology security
      6. Different aspects of IT security
      7. Requirements of different application areas
      8. IT security vs. secure coding
      9. Building a secure system
      10. From vulnerabilities to botnets and cyber crime
        1. Nature of security flaws
        2. Reasons of difficulty
        3. From your computer to attacks against critical targets
        4. Cyber-crime - an organized network of criminals
      11. Classification of security flaws
        1. Landwehr's taxonomy
        2. The Fortify taxonomy
        3. Vulnerability categories-Seven Pernicious Kingdoms
        4. OWASP Top Ten (2013 release candidate)
      12. Security relevant C/C++ programming bugs and flaws:
      13. Common security vulnerabilities
        1. Programming bugs
        2. Exploitable security flaws
      14. Combined C/C++, Java and Web application security:
      15. Protection principles
        1. Protection methods
        2. Specific protection methods
        3. Protection methods at different layers
        4. The PreDeCo matrix
      16. x86 machine code, memory layout, stack operations
        1. Intel 80x86 Processors-main registers
        2. Intel 80x86 Processors-most important instructions
        3. Intel 80x86 Processors-control instructions
        4. Intel 80x86 Processors-stack handling instructions
        5. The memory address layout
        6. The stack
        7. The function calling mechanism in C/C++ on x86
        8. Calling conventions
        9. The local variables and the stack frame
        10. The stack frame during a function call
        11. Stack frame of nested calls
        12. Function calls-prologue and epilogue of a function
        13. Buffer overflow
      17. Stack Overflow
        1. Buffer overflow on the stack
        2. Overwriting the return address
        3. Localizing the position of the return address
        4. Exercise BOFIntro
        5. Exercise BOFShellcode
      18. Protection against stack overflow
        1. Stack Overflow -Prevention (during development)
        2. Stack Overflow-Detection (during execution)
        3. Buffer Security Check / stack smashing protection (/GS)
        4. Exercise BOFCookie - Using Buffer Security Check
        5. Using Buffer Security Check (/GS)
        6. Effects of Buffer Security Check in the code
        7. The security_check_cookie() function
        8. Bypassing stack smashing protection - Overwriting arguments
        9. Exercise BOFCookie-Circumventing /GS by using Write What Where
        10. Overwriting arguments - Mitigation
        11. Stack overflow- Anti-exploit techniques
      19. Address Space Layout Randomization (ASLR)
        1. Stack randomization with ASLR
        2. Address Space Layout Randomization (ASLR)
        3. Software ASLR
        4. Bypassing ASLR on the stack: NOP sled
      20. Data Execution Prevention
        1. Virtual Memory Management related protection
        2. Virtual Memory Management- Access Control
        3. Data Execution Prevention (DEP)
        4. Using Data Execution Prevention
        5. Exercise DEP
      21. Day 2
      22. Return-to-libc attack ¡V circumventing DEP
        1. Arc injection / Return-to-libc attack
        2. Exercise Return-to-libc
        3. Multiple function calls with return-to-libc
      23. Heap overflow
        1. Memory allocation managed by a doubly-linked list
        2. Buffer overflow on the heap
        3. Steps of freeing and joining memory blocks
        4. Freeing allocated memory blocks
      24. Protection against heap overflow
        1. Heap overflow- Prevention (during development)
        2. Heap overflow-Detection (during execution)
        3. Heap overflow - Anti-exploit techniques
        4. Mixing delete and delete[]
      25. Integer problems in C/C++
      26. Representation of negative integers
      27. Integer representation by using the two's complement
      28. Integer ranges
      29. The integer promotion rule in C/C++
      30. Arithmetic overflow - spot the bug!
      31. Exercise IntOverflow
      32. So why ABS(INT_MIN)==INT_MIN?
      33. Signedness bug - spot the bug!
      34. Consequences of signed/unsigned integer promotion
      35. Widthness integer overflow- spot the bug!
      36. Exercise GDI
      37. Exercise Board
      38. Integer problem mitigation
        1. Avoiding arithmetic overflow- addition
        2. Avoiding arithmetic overflow- multiplication
        3. The SafeInt class
        4. Other C compatible libraries
      39. Printf format string bug
      40. Printf format strings / Printf format string bug - exploitation
      41. Exercise Printf- the printf format string bug
      42. Printf format string exploit- overwriting the return address
      43. Exercise PrintfExploit - exploiting the printf format string bug
      44. Mitigation of printf format string problem
        1. Printf format string bug - Prevention (during development)
        2. Printf format string bug-Detection (during execution)
        3. Printf format string bug-Anti-exploit techniques
      45. Other common security vulnerabilities
      46. Array indexing - spot the bug!
      47. Unicode bug
      48. Other security flaws
      49. Miscellaneous flaws
        1. An example information leakage
        2. Serialization errors (TOCTTOU)
        3. Temporary files / a C++ TOCTOU vulnerability
        4. Risks using signaling mechanisms
      50. File I/O risks
        1. Directory Traversal Vulnerability
        2. Symbolic Link Vulnerability
      51. RSA timing attack
        1. Introduction to RSA algorithm
        2. Implementation of encoding/decoding in RSA
        3. Fast exponentiation
        4. Differences in execution times
        5. RSA timing attack
        6. Measurements
        7. RSA timing attack - principles
        8. Correlation of total and partial execution times
        9. RSA timing attack - in practice
        10. The RSA timing attack algorithm
        11. Practical exploitation using the RSA timing attack
        12. Attacking SSL servers
      52. Mitigation of side channel attacks
        1. Blind signature
      53. Advices and principles
      54. Matt Bishop's principles of robust programming
      55. The security principles of Saltzer and Schroeder
      56. Knowledge sources
      57. Secure coding sources- a starter kit
      58. Vulnerability databases / Recommended books - C/C++
      59. Summary and takeaways
      60. Day 3
      61. Java security overview
      62. Java platform security overview / Java security in brief
      63. Java applet security
      64. Java Web Start security
      65. Java ME security architecture
      66. Java Card security architecture
      67. Foundations of Java security
      68. The Java environment
      69. Java security
      70. Low-level security-the Java language
        1. Java language security
        2. Access modifiers
        3. Type safety
        4. Automatic memory management
        5. Java execution overview
        6. Bytecode Verifier
        7. Class Loader
        8. Protecting Java code
      71. High-level
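The outline's integer topics (items 25 to 38: two's complement, why ABS(INT_MIN)==INT_MIN, the signedness and widthness bugs, and the checked addition and multiplication that mitigate them) in working C. This is an added example written for this page, not course material or exercise code; the function names and the constant inputs are chosen for illustration only.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not course material. Each "buggy" function reproduces a
 * class of integer bug from the outline; each checked function shows the
 * pre-check mitigation. All names and inputs are illustrative. */

/* abs(INT_MIN): in two's complement -INT_MIN is not representable and the
 * wrapped result is INT_MIN again; in C the signed overflow is undefined
 * behaviour, so the compiler may also assume it never happens. The checked
 * version rejects the one value that cannot be negated. */
bool safe_abs_int(int v, int *out) {
    if (v == INT_MIN) return false;
    *out = v < 0 ? -v : v;
    return true;
}

/* Checked addition: compare against the limits *before* adding so the
 * undefined overflow is never evaluated. */
bool safe_add_int(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) return false;
    *out = a + b;
    return true;
}

/* Checked multiplication for the "count * element size" allocation pattern.
 * Unsigned wrap is well defined, so SIZE_MAX / a is the largest b that fits. */
bool safe_mul_size(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Signedness bug: comparing a signed length with an unsigned capacity
 * converts the signed operand to unsigned, so -1 becomes SIZE_MAX and the
 * bounds check "passes" for a negative length. */
bool length_ok_buggy(int len, size_t cap) {
    return len <= cap;             /* -1 <= cap is true after conversion */
}
bool length_ok_fixed(int len, size_t cap) {
    return len >= 0 && (size_t)len <= cap;
}

/* Widthness overflow: storing a wider value into a narrower type keeps only
 * the low bits. A byte count of 0x10005 becomes 5 in an unsigned short, so a
 * later copy that trusts the short "length" copies the wrong amount. */
unsigned short to_u16_truncating(unsigned int v) {
    return (unsigned short)v;
}
bool to_u16_checked(unsigned int v, unsigned short *out) {
    if (v > USHRT_MAX) return false;
    *out = (unsigned short)v;
    return true;
}

int main(void) {
    int r; size_t s; unsigned short w;
    printf("abs(INT_MIN) representable: %s\n", safe_abs_int(INT_MIN, &r) ? "yes" : "no");
    printf("INT_MAX + 1 checked: %s\n", safe_add_int(INT_MAX, 1, &r) ? "ok" : "overflow");
    printf("(SIZE_MAX/2+1) * 2 checked: %s\n",
           safe_mul_size(SIZE_MAX / 2 + 1, 2, &s) ? "ok" : "overflow");
    printf("len=-1 passes buggy check: %d, fixed check: %d\n",
           length_ok_buggy(-1, 64), length_ok_fixed(-1, 64));
    printf("0x10005 -> unsigned short: %u (checked: %s)\n", to_u16_truncating(0x10005u),
           to_u16_checked(0x10005u, &w) ? "ok" : "truncation");
    return 0;
}
```

The checked functions follow the same pattern as the SafeInt class and the C-compatible libraries named in item 38: test against the type's limits before the operation and report failure instead of producing a wrapped value that a later allocation or copy will trust.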
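The RSA timing attack and its mitigation (items 51 and 52) in working C, as an added example that is not part of the course material: a square-and-multiply exponentiation whose operation count depends on the secret exponent, the Montgomery ladder that removes that dependency, and RSA blinding (the "blind signature" idea listed under item 52), which hides the attacker's chosen input from the measured operation. The key (p=61, q=53, so n=3233, e=17, d=2753) is the usual textbook key, the operation counters stand in for a stopwatch, and the blinding factor is passed in as a parameter only to keep the run deterministic; all of these are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not course material. Toy RSA with the textbook key p=61,
 * q=53 (n=3233, e=17, d=2753); the modulus stays below 2^32 so a*b fits in
 * 64 bits. Multiplication counts stand in for measured time. */
#define RSA_N 3233u
#define RSA_E 17u
#define RSA_D 2753u

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (a * b) % m;
}

/* Left-to-right square-and-multiply. One squaring per exponent bit plus one
 * extra multiply for each 1 bit: the work depends on the secret exponent,
 * and that dependency is what a timing attack measures bit by bit. */
uint64_t modexp_leaky(uint64_t base, uint64_t exp, uint64_t mod, unsigned *mults) {
    uint64_t result = 1 % mod;
    unsigned count = 0;
    int top = -1;
    for (uint64_t t = exp; t != 0; t >>= 1) top++;   /* index of highest set bit */
    for (int i = top; i >= 0; i--) {
        result = mulmod(result, result, mod); count++;
        if ((exp >> i) & 1) { result = mulmod(result, base % mod, mod); count++; }
    }
    if (mults) *mults = count;
    return result;
}

/* Montgomery ladder: two multiplications at every one of the 64 bit
 * positions regardless of the exponent, with a mask-based swap instead of a
 * secret-dependent branch, so the operation count no longer leaks. */
uint64_t modexp_ladder(uint64_t base, uint64_t exp, uint64_t mod, unsigned *mults) {
    uint64_t r0 = 1 % mod, r1 = base % mod;
    unsigned count = 0;
    for (int i = 63; i >= 0; i--) {
        uint64_t mask = 0 - ((exp >> i) & 1);          /* all ones if bit set */
        uint64_t t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;
        r1 = mulmod(r0, r1, mod);                      /* invariant: r1 == r0*base */
        r0 = mulmod(r0, r0, mod);
        t = (r0 ^ r1) & mask; r0 ^= t; r1 ^= t;
        count += 2;
    }
    if (mults) *mults = count;
    return r0;
}

/* Modular inverse by the extended Euclidean algorithm (0 if none exists). */
uint64_t modinv(uint64_t a, uint64_t m) {
    int64_t t = 0, nt = 1, r = (int64_t)m, nr = (int64_t)(a % m);
    while (nr != 0) {
        int64_t q = r / nr, tmp;
        tmp = t - q * nt; t = nt; nt = tmp;
        tmp = r - q * nr; r = nr; nr = tmp;
    }
    if (r != 1) return 0;
    return (uint64_t)(t < 0 ? t + (int64_t)m : t);
}

/* Blinded private-key operation. The attacker-chosen ciphertext c is
 * multiplied by r^e before exponentiation and r divided out afterwards, so
 * the value whose timing could be measured is c*r^e mod n, which the
 * attacker does not know. In real code r is fresh random per operation and
 * coprime to n; it is a parameter here only to keep the example deterministic. */
uint64_t rsa_decrypt_blinded(uint64_t c, uint64_t r) {
    uint64_t blinded = mulmod(c, modexp_ladder(r, RSA_E, RSA_N, NULL), RSA_N);
    uint64_t m_blind = modexp_ladder(blinded, RSA_D, RSA_N, NULL);
    return mulmod(m_blind, modinv(r, RSA_N), RSA_N);
}

int main(void) {
    unsigned mul_e, mul_d, mul_ladder;
    uint64_t c = modexp_leaky(65, RSA_E, RSA_N, &mul_e);
    uint64_t m = modexp_leaky(c, RSA_D, RSA_N, &mul_d);
    modexp_ladder(c, RSA_D, RSA_N, &mul_ladder);
    printf("c=%llu m=%llu\n", (unsigned long long)c, (unsigned long long)m);
    printf("square-and-multiply: e needs %u mults, d needs %u\n", mul_e, mul_d);
    printf("ladder: always %u mults\n", mul_ladder);
    printf("blinded decrypt: %llu\n", (unsigned long long)rsa_decrypt_blinded(c, 7));
    return 0;
}
```

Two points the counters make visible: the leaky exponentiation does 7 multiplications for e=17 but 17 for d=2753, so total time already reveals the Hamming weight of the private exponent, while the ladder does 128 for both. Blinding addresses a different part of the attack: it does not change how much work the exponentiation does, it removes the attacker's knowledge of the input to that work, which the correlation step of the attack needs.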


Combined C/C++, Java and Web Application Security Course Benefits



Do you have the right background for Combined C/C++, Java and Web Application Security?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill-assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.

This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.



Award winning, world-class Instructors

Carmille A.
- Highly skilled in graphics and web software including Adobe CS3, CS4 & CS5 Photoshop, Dreamweaver, Illustrator, InDesign, Captivate, Acrobat and Quark; - Expert in Microsoft Office, including Excel, Word and PowerPoint. Licensed Application Instructor and Microsoft Certified Trainer since 2000. - Over 20 years of experience as Creative Director for multinational corporations such as McCann Erickson, Lintas, and Publicis. Bio: Carmille has been a Licensed Application Instructor and Microsoft Certified Trainer for years. She specializes in web development, business productivity and digital media applications such as SharePoint, Quark and the Adobe Creative Suite as well as numerous programming languages including XML, XHTML, HTML and CSS. Carmille is passionate about educating and has a unique talent for making complex design and development principles seem "easy" to students from all levels of expertise. She currently teaches Adobe Graphic and Web Designer, Microsoft Office Specialist, SharePoint End User and the acclaimed Website Development Professional courses at NetCom Learning. Her 20+ years of experience as Creative Director for multinational corporations bring a special and innovative approach to her classes at NetCom Learning.
Charles W.
- Expert in Microsoft Office applications such as Excel, Word, PowerPoint, Outlook, Project, Visio, and Access as well as Adobe Graphic and Web Designer (InDesign, Acrobat, Photoshop, Illustrator, Dreamweaver and Flash Catalyst)
- Holds an A.A.S in Graphic Design as well as various Awards and Affiliations, including MCT, MCP, MCAS, and Office 2007 Master.
- Senior Lead Trainer for over 10 years.

Bio:

Charles is a Technical Trainer & Instructional Designer for over 10 years. He is a Microsoft Certified Trainer and dedicates himself to Microsoft Office applications such as Excel, Word, PowerPoint, Outlook, Project, Visio, and Access. He is also an Adobe specialist and holds a degree in Graphic Design.

Charles is well known for his high evaluation scores, achieving 8.75 out of 9 on a regular basis, teaching in one-on-one, instructor-led, and web-based environments; one of the reasons for his high evaluation is his expertise in increasing personnel performance by developing and implementing programs constructed from the job task analysis process. Charles currently teaches Adobe Graphic and Web Designer, and Microsoft Office Specialist courses at NetCom Learning.
Donna H.
- Highly skilled trainer and speaker. Delivered presentations in Dubai, Tokyo, London, New York, and China.
- ITIL V3 Expert, teaching ITIL courses since 2005. More than 99% of her students have passed their ITIL Certification exams.
- Process Improvement Expert with more than 15 years of experience in the Support Center industry as a practitioner, consultant and certified trainer.

Bio:

Donna is an expert in project management and Process Improvement. Her amazing presentation skills have taken her around the world, giving presentations in Dubai, Tokyo, London, New York and China to name a few. "The Donna", as she is known in the industry, has more than 15 years of experience in the Support Center industry as a practitioner, consultant and certified trainer.

Donna holds ITIL V3 Expert Certification and offers training and consulting services through NetCom Learning on Process Improvement framework as well as the ITIL practitioner level suite of Lifecycle and Capability Stream certification courses. She began presenting ITIL classes in 2005, and 99% of her students have passed their ITIL Certification exams. Along with ITIL courses, she promotes best practices in the support center industry, focusing on customer service skills training, individual and support center certification, training and consulting, and process infrastructure improvement.
Ginger M.
- Bachelor's Degree in Accounting and a Masters of Business Administration from Rutgers University.
- Over 9 years of experience as a Master Certified Trainer. Expert in MS Dynamics GP Financials, Installation, HR/Payroll, Project Accounting, Inventory and Integration Manager.
- Project Manager to various MS Dynamics Great Plains implementations.

Bio:

Ginger holds a Bachelor's Degree in Accounting and a Masters of Business Administration from Rutgers University. Her career started as an Auditor for Deloitte & Touche and over the years she developed her passion for Microsoft Dynamics, implementing Dynamics GP and Project Cost in the Professional Services, Commercial Real Estate and Medical Facilities vertical markets.

Ginger's experience with Microsoft Dynamics is unparalleled. As a Certified Master Dynamics trainer, she stays abreast of the latest Dynamics modules and shares experience with a very hands-on training technique at NetCom Learning.
Hisham S.
- Masters Degree in Computer Science and several academic projects published over the years.
- Over 20 years of experience as a professor in local and foreign universities, and as a trainer focusing on Web Development.
- In-depth knowledge of programming, including MySQL, PHP, and AJAX.

Bio:

Hisham holds a Masters Degree in Computer Science and has more than 20 years of experience as a professor and a trainer, including positions as a Professor in the Department of Computer Science at Minia University, Egypt, and in the Department of Computer Science at the City University of New York. His proven expertise in MySQL, PHP, and AJAX is beyond comparison.

As a NetCom Learning instructor, Hisham stays up to date with the latest news in Advanced Website Development. He shares his knowledge and experience in a very focused and clear way, which students find very enticing.
J Tom K.
- Software Developer and sought-after Microsoft Certified Trainer (MCT) with over 30 years of hands-on experience.
- Expert in Microsoft technologies: .NET Framework, C#, VB .NET, ASP .NET, XML Web Services, ADO .NET, SQL Server, SharePoint Portal Server, Content Management Server, Commerce Server, BizTalk, MSMQ, COM+, COM Migration to .NET and PocketPC development.
- Extremely knowledgeable and rated as excellent by NetCom Learning students.

Bio:

Tom Kinser is an accomplished Software Developer and sought-after Microsoft Certified Trainer (MCT). Tom is also an expert in successfully designing software, managing and training programmers for over 30 years.

Tom specializes in helping businesses, enterprises, and government agencies apply current technologies to solve their unique business problems. He accomplishes this via hands-on training in cutting-edge programming and database design techniques. Tom consistently delivers successful training engagements in both classroom and live-online settings and is rated as excellent by NetCom Learning students.
Joseph D.
- Highly skilled Autodesk Certified Instructor; working with Autodesk software since 1993.
- Expert in AutoCAD, Autodesk 3DS, Autodesk Revit, Mechanical Desktop, Inventor, and Architectural Desktop.
- Authored course materials for numerous Autodesk courses.

Bio:

Joseph is an Autodesk Certified Instructor specializing in developing and teaching Autodesk courses, with a working knowledge of such products as AutoCAD, Autodesk 3DS, Autodesk Revit, Mechanical Desktop, Inventor, and Architectural Desktop.

In addition to teaching and developing courses for the past 10 years, Joseph has authored course materials for many AutoDesk courses. He is also well versed in Inventor 8 and 9.

Joseph demonstrates a straightforward, down-to-earth teaching style in order to reach students at widely differing levels of expertise. His extensive product knowledge and exuberant teaching style makes Joseph a consistently highly rated instructor at NetCom Learning.
Michael G.
- Over 22 years of professional experience in the IT field, including more than a decade as a Certified Trainer.
- An expert in Cisco's Routing, Switching, Security, Voice and Wireless areas, as well as select Microsoft, Novell, CompTIA, Sun and CWNP courses.
- Highly skilled and acclaimed instructor. Has trained over 900 students at NetCom Learning.

Bio:

Michael has over 22 years of professional experience in the IT field, including more than a decade as a Certified Trainer. An expert in Cisco's Routing, Switching, Security, Voice and Wireless areas, Michael also teaches select Microsoft, Novell, CompTIA, Sun and CWNP courses.

Michael's dedication and passion for teaching is unmatched. He has trained over 900 students at Netcom Learning since 2006 and his evaluation scores average 8.7 out of 9.
Paul B.
- Microsoft Office Specialist with over 14 years of training experience.
- Expert in the IT industry, working in the IT field since 1986.
- Highly rated instructor with an all-time average evaluation score of 8.7 out of 9.

Bio:

Paul is Subject Matter Expert specializing in the Microsoft Office Suite and SharePoint end-user technologies with more than 25 years of practical experience in the IT industry. He is also a Microsoft Certified Trainer (MCT) with over 14 years of training experience.

A sought-after instructor and eternal favorite among students, his instructor feedback scores are among the industry's highest at 8.7 out of 9.0. As a trainer, his knowledge and passion for the subject matter as well as his personable nature, excellent communications skills and sense of humor are implicit in every class. NetCom Learning is proud to have Paul on our roster of IT geniuses.
Ramesh P.
Ramesh holds a Masters Degree in Computer Science with specialization in Information Security and is pursuing his Doctoral degree in IT from the University of South Australia (UniSA). He is a one of a kind trainer - he has been working in the IT field since 1995 and is an expert in C#, VB.NET, ASP.NET, Java/J2EE, PL/SQL, VB, ASP, and XML technologies. Ramesh also has extensive experience developing and implementing BizTalk and SharePoint in large corporations, as well as more than 10 years experience working with Oracle and SQL server/Sybase databases. With more than 19 certifications, Ramesh is an IT guru and trainer with worldwide experience, which includes presentations and trainings across US, Asia, and Middle East. He is a full time instructor at NetCom Learning and we couldn't be happier in having him as one of our Subject Matter Experts.
Richard L.
- Over 20 years experience in the IT industry.
- CEH and Microsoft training for many government agencies, including the United States Department of Homeland Security, and the Federal Bureau of Investigation.
- CEH and Microsoft training for Fortune corporations such as Merrill Lynch and ADP.

Bio:

Richard is a premier Microsoft Certified Trainer and Certified EC-Council Instructor. He has over 20 years of experience as a network administrator, security consultant, vulnerability assessor, and penetration tester for assorted Fortune companies.

Richard's knowledge of the development and implementation of policies and procedures concerning the security of network data is unsurpassed. He has conducted successful CEH and Microsoft training classes for many government agencies including the United States Department of Homeland Security, the Department of Justice and the Federal Bureau of Investigation, as well as Fortune enterprises such as Merrill Lynch and ADP.
Sam P.
- Team leader for the first undergraduate team to win the Duke Startup Challenge.
- Over 15 years of experience in the IT industry.
- NetCom Learning Instructor of the Year 2011.

Bio:

Sam Polsky has spent his entire career in entrepreneurial pursuits, including such fields as biotechnology, software development, data management, and business process management. He began in entrepreneurship as team leader for the first undergraduate team to win the Duke Startup Challenge, a business development competition geared towards Duke University's various graduate schools.

Sam Polsky has since co-founded a consulting firm where he has been involved in software architecture, development and implementation. On top of that, Sam has been delivering acclaimed solutions in software architecture, development and implementation for over 15 years. He is a much-admired Subject Matter Expert and Trainer at NetCom Learning and was voted NetCom Learning Instructor of the Year 2011.
Jose P.
Jose Marcial Portilla has a BS and MS in Mechanical Engineering from Santa Clara University. He has a great skill set in analyzing data, specifically using Python and a variety of modules and libraries. He hopes to use his experience in teaching and data science to help other people learn the power of the Python programming language and its ability to analyze data, as well as present the data in clear and beautiful visualizations. He is the creator of some of the most popular Python Udemy courses including "Learning Python for Data Analysis and Visualization" and "The Complete Python Bootcamp". With almost 30,000 enrollments Jose has been able to teach Python and its Data Science libraries to thousands of students. Jose is also a published author, having recently written "NumPy Succinctly" for Syncfusion's series of e-books.



Recent Client Testimonials & Reviews

The classroom was awesome as always. Learned a ton. I will be putting into use.

- Michael D.

Course(s) Taken

» AngularJS Training: Comprehensive AngularJS Training

The classroom was very comfortable. Enjoyed learning from the instructor again.

- John K.

Course(s) Taken

» AngularJS Training: Comprehensive AngularJS Training

The instructor did a great job keeping us on track. We covered a lot of material.

- Tony P.

Course(s) Taken

» Data Analytics with R Language


