JAVA

Combined C/C++, Java and Web Application Security

Course Outline
  1. IT security and secure coding:
  2. General security vs. IT security
  3. IT security related terms
  4. Definition of risk
  5. Specialty of information technology security
  6. Different aspects of IT security
  7. Requirements of different application areas
  8. IT security vs. secure coding
  9. Building a secure system
  10. From vulnerabilities to botnets and cyber crime
    • Nature of security flaws
    • Reasons of difficulty
    • From your computer to attacks against critical targets
    • Cyber-crime – an organized network of criminals
  11. Classification of security flaws
    • Landwehr’s taxonomy
    • The Fortify taxonomy
    • Vulnerability categories – Seven Pernicious Kingdoms
    • OWASP Top Ten (2013 release candidate)
  12. Security relevant C/C++ programming bugs and flaws:
  13. Common security vulnerabilities
    • Programming bugs
    • Exploitable security flaws
  14. Combined C/C++, Java and Web application security:
  15. Protection principles
    • Protection methods
    • Specific protection methods
    • Protection methods at different layers
    • The PreDeCo matrix
  16. x86 machine code, memory layout, stack operations
    • Intel 80×86 Processors – main registers
    • Intel 80×86 Processors – most important instructions
    • Intel 80×86 Processors – control instructions
    • Intel 80×86 Processors – stack handling instructions
    • The memory address layout
    • The stack
    • The function calling mechanism in C/C++ on x86
    • Calling conventions
    • The local variables and the stack frame
    • The stack frame during a function call
    • Stack frame of nested calls
    • Function calls-prologue and epilogue of a function
    • Buffer overflow
  17. Stack Overflow
    • Buffer overflow on the stack
    • Overwriting the return address
    • Localizing the position of the return address
    • Exercise BOFIntro
    • Exercise BOFShellcode
  18. Protection against stack overflow
    • Stack Overflow – Prevention (during development)
    • Stack Overflow – Detection (during execution)
    • Buffer Security Check / stack smashing protection (/GS)
    • Exercise BOFCookie – Using Buffer Security Check
    • Using Buffer Security Check (/GS)
    • Effects of Buffer Security Check in the code
    • The security_check_cookie() function
    • Bypassing stack smashing protection – Overwriting arguments
    • Exercise BOFCookie – Circumventing /GS by using Write What Where
    • Overwriting arguments – Mitigation
    • Stack overflow – Anti-exploit techniques
  19. Address Space Layout Randomization (ASLR)
    • Stack randomization with ASLR
    • Address Space Layout Randomization (ASLR)
    • Software ASLR
    • Bypassing ASLR on the stack: NOP sled
  20. Data Execution Prevention
    • Virtual Memory Management related protection
    • Virtual Memory Management- Access Control
    • Data Execution Prevention (DEP)
    • Using Data Execution Prevention
    • Exercise DEP
  21. Day 2
  22. Return-to-libc attack – circumventing DEP
    • Arc injection / Return-to-libc attack
    • Exercise Return-to-libc
    • Multiple function calls with return-to-libc
  23. Heap overflow
    • Memory allocation managed by a doubly-linked list
    • Buffer overflow on the heap
    • Steps of freeing and joining memory blocks
    • Freeing allocated memory blocks
  24. Protection against heap overflow
    • Heap overflow – Prevention (during development)
    • Heap overflow – Detection (during execution)
    • Heap overflow – Anti-exploit techniques
    • Mixing delete and delete[]
  25. Integer problems in C/C++
  26. Representation of negative integers
  27. Integer representation by using the two’s complement
  28. Integer ranges
  29. The integer promotion rule in C/C++
  30. Arithmetic overflow – spot the bug!
  31. Exercise IntOverflow
  32. So why ABS(INT_MIN)==INT_MIN?
  33. Signedness bug – spot the bug!
  34. Consequences of signed/unsigned integer promotion
  35. Widthness integer overflow – spot the bug!
  36. Exercise GDI
  37. Exercise Board
  38. Integer problem mitigation
    • Avoiding arithmetic overflow – addition
    • Avoiding arithmetic overflow – multiplication
    • The SafeInt class
    • Other C compatible libraries
  39. Printf format string bug
  40. Printf format strings
    • Printf format string bug – exploitation
  41. Exercise Printf – the printf format string bug
  42. Printf format string exploit – overwriting the return address
  43. Exercise PrintfExploit – exploiting the printf format string bug
  44. Mitigation of printf format string problem
    • Printf format string bug – Prevention (during development)
    • Printf format string bug – Detection (during execution)
    • Printf format string bug – Anti-exploit techniques
  45. Other common security vulnerabilities
  46. Array indexing – spot the bug!
  47. Unicode bug
  48. Other security flaws
  49. Miscellaneous flaws
    • An example information leakage
    • Serialization errors (TOCTTOU)
    • Temporary files / a C++ TOCTOU vulnerability
    • Risks using signaling mechanisms
  50. File I/O risks
    • Directory Traversal Vulnerability
    • Symbolic Link Vulnerability
  51. RSA timing attack
    • Introduction to RSA algorithm
    • Implementation of encoding/decoding in RSA
    • Fast exponentiation
    • Differences in execution times
    • RSA timing attack
    • Measurements
    • RSA timing attack – principles
    • Correlation of total and partial execution times
    • RSA timing attack – in practice
    • The RSA timing attack algorithm
    • Practical exploitation using the RSA timing attack
    • Attacking SSL servers
  52. Mitigation of side channel attacks
    • Blind signature
  53. Advice and principles
  54. Matt Bishop’s principles of robust programming
  55. The security principles of Saltzer and Schroeder
  56. Knowledge sources
  57. Secure coding sources – a starter kit
  58. Vulnerability databases
    • Recommended books – C/C++
  59. Summary and takeaways
  60. Day 3
  61. Java security overview
  62. Java platform security overview
    • Java security in brief
  63. Java applet security
  64. Java Web Start security
  65. Java ME security architecture
  66. Java Card security architecture
  67. Foundations of Java security
  68. The Java environment
  69. Java security
  70. Low-level security – the Java language
    • Java language security
    • Access modifiers
    • Type safety
    • Automatic memory management
    • Java execution overview
    • Bytecode Verifier
    • Class Loader
    • Protecting Java code
  71. High-level

Duration: 32 Hours
Course Fee: INR. 30000 + Tax


Enterprise JavaBeans (EJB) Training: Introduction to EJB

Course Outline
  1. Introduction
    • Overview of EJB and Java Persistence API (JPA)
    • Goals of EJB, EJB in the Java EE architecture
    • EJB 3.1 Overview
    • Session Beans, Persistent Entities, Message Driven Beans
  2. Session Beans
    • Session Bean Overview
    • Services provided, Stateless and Stateful Beans
    • Defining a Session Bean – EJB 3 Annotations
    • The Bean Implementation, Remote and Local Business Interface
    • Packaging and Deployment
    • ejb-jar file, Deployment Descriptors in EJB 3
    • EAR file
    • The EJB Container
    • JNDI Overview
    • Distributed Naming and Lookup
    • Context and InitialContext
    • Using JNDI
    • Writing an EJB 3 Client
    • Client View of a Session Bean
    • PortableRemoteObject and Casting
    • Running the Client
  3. Additional Capabilities
    • Resources and Dependency Injection
    • EJB referencing another EJB
    • Referencing Resources, Environment Entries
    • Connection Factories (DataSource and others)
    • Session Bean Lifecycle and Interceptors
    • Stateless Session Bean Lifecycle
    • Business Method Interceptors, InvocationContext, Lifecycle Callback Interceptors, Interceptor Classes
    • Stateful Session Beans
    • Overview
    • Defining, Client Relationship
    • Lifecycle, Activation, Passivation
    • Timer Service
    • Overview and usage
  4. Message-Driven Beans
    • Overview of Messaging Systems
    • Messaging, Loose Coupling
    • Pub/Sub, Point2Point
    • Overview of JMS API
    • Overview and Structure
    • ConnectionFactory and Destination
    • JMS Producer and Consumer Client example
    • JMS Messages
    • Message-Driven Beans (MDB)
    • Overview and Goals
    • @MessageDriven and MDB example
    • Configuring with activationConfig
    • State Diagram and Interceptors
  5. Transactions and Security
    • Overview of Transactions and Transactional Systems
    • ACID, Tx Lifecycle, Tx Manager, Transactional Objects
    • Transactions in EJB 3
    • Declarative Transaction Management
    • Transaction Attributes and Transactional Scope
    • Transaction Scenarios and Bean-Managed Tx
    • Security
    • Java EE Security Overview (Role-based)
    • @RolesAllowed, @PermitAll
    • Programmatic Security
  6. Exceptions
    • Exception Overview
    • Checked and Unchecked Exceptions
    • Exceptions in EJB 3
    • Application Exceptions, System Exceptions
    • EJB 3 Best Practices
    • When to Use, Coarse-Grained Business Interfaces, Session Facade, Transaction Guidelines, Clustering
  7. Introduction to Java Persistence API (JPA)
    • Overview
    • Persistence Layers, Object-Relational Mapping (ORM), JDBC
    • JPA Overview
    • Mapping with JPA
    • Entities and @Entity, ids and @Id
    • Generated Id Values
    • Basic Mapping Types
    • EntityManager
    • Persisting to the DB, the EntityManager,
    • Persistence Units and Configuration
    • Injecting an EntityManager
    • Retrieving Persistent Entities
  8. Updates and Queries
    • Inserting and Updating
    • Transient, Persistent, Detached, Removed
    • Persisting new Entities, Updating a Persistent Instance
    • Querying and JPQL
    • Object Based Queries, Select statements, WHERE clause
    • Named Queries
    • Versioning and Optimistic Locking
    • Detached Instances
    • Versioning and Optimistic Locking in EJB 3
  9. Entity Relationships
    • Relationships Overview
    • Object Relationships, Participants, Roles, Directionality, Cardinality
    • Relationship Mapping
    • Mapping Overview (1-1, 1-N, N-1, N-N)
    • Unidirectional and Bidirectional
    • Mapping One-One, One-Many and Many-Many
    • Join Columns
    • Relationship Inverses
    • Lazy and Eager Loading
    • Cascading
    • Queries Across Relationships (Inner Joins, Outer Joins, Fetch Joins)
    • JPA
    • Inheritance Mapping
    • Entity Inheritance
    • Single Table, Joined (Table per Subclass), Table per Concrete Class
    • Pros and Cons
  10. Additional JPA Capabilities
    • Queries – Projection, Aggregate, Bulk Update/Delete
    • Embedded Objects
    • EJB 3 and Java SE
    • Best Practices
    • Primary Keys, Named Queries, Lazy/Eager Loading, Transactional Semantics, Encapsulation, Report Queries
  11. Conclusion

Duration: 32 Hours
Course Fee: INR. 30000 + Tax


Java Fundamentals for Android Development

Course Outline
  1. Lesson 1: Java Basics
    • Introduction
    • Java programming language
    • Java Virtual Machine
    • JDK and JRE
    • Setting up your machine for Java programming
    • Hello World in Java
    • Using a text Editor
    • Using an IDE
    • Java Primitive Data Type
    • Naming
    • Arrays
    • Control Flow
    • If/Else and Switch
    • Switch statement
    • While loop
    • For Loop
  2. Lesson 2: Object Oriented Programming
    • Introduction
    • Object Oriented Programming
    • Objects
    • Classes
    • Inheritance
    • Interface
    • Access Modifiers
    • Constructors
    • Method overriding and overloading
    • Polymorphism
  3. Lesson 3: Java Topics
    • Introduction
    • Java Collections
    • Interfaces
    • Implementations
    • Enumerated types
    • Serialization
    • Deserializing

Duration: 24 Hours
Course Fee: INR. 25000 + Tax


Java OCA & OCP

Course Outline
  1. Java Runtime Environment
    • Java Virtual Machine
    • Java 2 Software Development Kit
  2. Data Types, Variables, and Operators
    • Data Types
    • Declaring Variables
    • Variable Scope
    • Casting
    • Operators
    • Automatic Casting
  3. Control Statements
    • Code Blocks
    • Conditional Statements
    • Iterative Statements (Loops)
  4. Methods
    • Java Methods
    • Return Statements and Calling Methods
    • Parameters, Pass by Value, Overloading
  5. Arrays
    • Initializing and Using Arrays
    • Objects
    • Passing an Array to a Method
    • Garbage Collection
    • Command Line Parameters
  6. Classes and Objects
    • Object-Oriented Programming
    • Instance and Class Members
    • Abstraction
    • Object References
  7. Inheritance
    • What is Inheritance?
    • Overriding Methods
    • Overridden Methods and Variables
  8. Constructors
    • Using Constructors
    • The Keyword this
    • Constructor Processes and Callbacks
    • Strings and StringBuffer
  9. Interfaces and Abstract Classes
    • Interfaces
    • Polymorphism
    • Abstract Classes
  10. Garbage Collection
    • Recognize the point in a piece of source code at which an object becomes eligible for garbage collection
    • Write code that explicitly makes objects eligible for garbage collection
    • State the behavior that is guaranteed by the garbage collection system
  11. Packages and Access Modifiers
    • Introduction to Packages and Access Modifiers
    • Java 2 API
    • Encapsulation
  12. Fundamental Classes in the java.lang Package
    • Write code using the following methods of the java.lang.Math class: abs, ceil, floor, max, min, random, round, sin, cos, tan, sqrt
    • Describe the significance of the immutability of String objects.
    • toHexString
    • toString
    • getXxx
    • parseXxx
    • longValue
    • intValue
    • floatValue
    • doubleValue
  13. The Collections Framework
    • Make appropriate selection of collection classes/interfaces to suit specified behavior requirements
    • Distinguish between correct and incorrect implementations of hashcode methods
  14. Inner Classes
    • Creating instance of inner class
    • Anonymous Inner class and its use
    • Member Inner class
    • Use of inner class
  15. Exceptions
    • Handling Exceptions
    • Creating User-Defined Exceptions
    • Exception Handling Tips
    • Exceptions and Inheritance
  16. Creating Threads and Thread Methods
    • How Operating Systems Handle Multitasking
    • Types of Threads in Java
    • Creating Threads
    • Thread Methods
  17. Thread Synchronization
    • Thread Synchronization and Racing
    • Synchronized and the Object Monitor
    • Thread Race Conditions
    • Sophisticated Thread Synchronization
    • Stopping, Suspending and Resuming Threads
    • Deadlocks
  18. Streams and Serialization
    • InputStream, OutputStream, Reader and Writer Files
    • Stream Classes of java.io.*
    • Serialization
  19. Java 7 Threads:
    • Locks
    • Executors
    • Concurrent Collections
    • Fork/Join Framework
  20. Java 7 – Java Database Connectivity:
    • Connecting to the Database
    • JDBC statements
    • ResultSets
    • RowSets
    • Commit, Rollback, Savepoints
  21. Java 7 – NIO/2:
    • FileSystem
    • Paths
    • File Operations
    • Directory Tree Traversals
    • Directory Watch Services

Duration: 60 Hours
Course Fee: INR. 60000 + Tax


Java SE 8 Fundamentals NEW

Course Outline
  1. Write Java code that uses variables, arrays, conditional and loop constructs
  2. Manipulate primitive numeric data and string data using Java operators
  3. Create Java classes and use object references
  4. Access the fields and methods of an object
  5. Manipulate text data using the methods of the String and StringBuilder classes
  6. Use casting without losing precision or causing errors
  7. Declare, override, and invoke methods
  8. Access and create static fields and methods
  9. Use classes from the java.time and java.time.format packages to format and print the local date and time
  10. Encapsulate a class using access modifiers and overloaded constructors
  11. Define and implement a simple class hierarchy
  12. Demonstrate polymorphism by implementing a Java Interface
  13. Use a Predicate Lambda expression as the argument to a method
  14. Handle a checked exception in a Java application

Duration: 40 Hours
Course Fee: INR. 40000 + Tax


Java SE 8 Programming

Course Outline
  1. Create Java technology applications with the latest JDK Technology
  2. Develop your object-oriented skills
  3. Identify good practices in the use of the language to create robust Java application
  4. Use Lambda expressions in Java applications
  5. Store and manipulate data using collections
  6. Manipulate files, directories and file systems
  7. Connect to databases using standard SQL queries through JDBC
  8. Create high-performance multi-threaded applications

Duration: 40 Hours
Course Fee: INR. 40000 + Tax