McCullough & Associates | Training | Consulting

(972) 712-7103

Securing JEE Applications - OWASP Top 10


This course is specifically designed to introduce your developers to common vulnerabilities, specifically those identified in the OWASP Top 10 project. Now updated for 2013! There are many ways in which attackers can obtain data, and exploiting vulnerabilities in custom application code is common.

This course guides the participant through the security vulnerabilities on the OWASP Top Ten list. For each vulnerability, the course explains it, provides samples of the flaw, provides solutions to protect the application, and provides tests to check site security.

This course involves hands-on demonstrations and labs.


Participants should be experienced JSP developers.

Length: 2 days


  • PCI Data Security Standard (DSS)
  • Overview of the OWASP Project
  • Secure Coding Principles
  • Top Ten
    • Injection Flaws
    • Broken Authentication and Session Management
    • Cross Site Scripting
    • Insecure Direct Object Reference
    • Security Misconfiguration
    • Sensitive Data Exposure
    • Missing Function Level Access Controls
    • Cross Site Request Forgery
    • Using Components with Known Vulnerabilities
    • Unvalidated Redirects & Forwards
  • Best Practices
  • Whitelist vs Blacklist
  • Regular Expressions
  • Validation points & Frameworks
  • Threat Risk Modeling
  • Summary of E-Commerce Requirements
  • Phishing Attacks
  • Managing Access – Authentication & Authorization
  • Conclusion