Day 1: Introduction to Java Application Security

• Fundamental security concepts: Introduction to the basic principles of application security, including confidentiality, integrity and availability.
• Overview of threats and vulnerabilities specific to Java applications: Discussion of common threats targeting Java applications, such as injection attacks, XSS, and CSRF.
• Presentation of Java-specific vulnerabilities, such as those related to libraries and the sandboxing13 mechanism.

Day 2: Threat Models and Risk Analysis

• Identifying common threats in Java applications: Techniques for identifying threats specific to the Java environment, including vulnerabilities in popular frameworks such as Spring and Hibernate26.
• Risk analysis techniques and vulnerability prioritization: Methods for assessing the risks associated with identified threats, including the use of risk matrices to prioritize vulnerabilities4.

Day 3: Secure Design of Java Applications

• Secure design principles for Java applications: Exploration of design best practices that integrate security from the start of development, such as the principle of least privilege and defence in depth1.
• Secure Development Best Practices: Recommendations for avoiding common mistakes in Java development, such as secure use of APIs and proper exception handling3.

Day 4: Secure Development in Java

• Secure coding techniques: Approaches to secure code, including user input validation and error handling. Examples of vulnerable code and how to fix them23.

• Session security and authentication: Importance of strong authentication and secure user session management to prevent session hijacking4.

  Day 5: Security Testing and Tools

• Security testing tools and techniques for Java applications: Introduction to the tools used to test the security of Java applications, such as SonarQube for static analysis and OWASP ZAP for dynamic testing5.
• Static and dynamic code analysis: Differences between these two types of analysis, their importance in the secure development cycle, and how to integrate them into the CI/CD process6.
• Introduction to security standards (OWASP, ISO, etc.) applicable to Java applications: Presentation of the relevant standards that guide secure development and help ensure regulatory compliance1.
• Compliance process for developers: Steps required to ensure that development complies with applicable security standards.
• Analysis of real cases of vulnerable Java applications: In-depth study of cases where vulnerabilities have been exploited in known Java applications.
• Practical exercises to apply the concepts learned: Practical activities enabling participants to apply what they have learned through realistic scenarios.
• This structured programme provides an in-depth understanding of security issues in the development of Java applications, while integrating theory and practice.