
Secure Development Trainings

SCJ – DevSec Java Masterclass

“Java Secure Development Training for Professionals at the Apex of Code Security!”

Online

Trainers


Stefan Petrushevski

Principal Security Consultant @ DCODX

“Build it, break it, fix it better!” is something I often say. I am a seasoned cybersecurity professional who has been in the field for more than a decade. I have a formal education in computer science and extensive experience in security evaluation, security research, and building secure products across multiple verticals. In recent years, my focus has been AppSec, where I’m working on bridging the gap between security and engineering teams, making security an interesting and enjoyable aspect of everyone’s life. Outside of the cyber world, I have an active lifestyle and enjoy sports. Currently, I am re-introducing music into my life, as it is the space where, aside from hacking, I express my creativity the best.

Course overview

Level up your Java secure coding skills with our immersive and hands-on Java DevSec Masterclass. Learn to detect and mitigate vulnerabilities seamlessly as part of your development process, ensuring your Java code remains secure. Highlights:
  1. Practical Exercises: Dive into real-world scenarios and hands-on exercises to identify and address vulnerabilities effectively.
  2. Security Auditing and Code Review: Learn to conduct thorough security audits and code reviews to uncover hidden vulnerabilities.
  3. Secure Development Lifecycle Integration: Integrate security practices throughout your development process using a structured SDLC approach.
  4. Industry Best Practices and Tools: Get acquainted with leading security tools and frameworks for Java secure development.
Join our Java DevSec Masterclass and become a security-savvy developer. Safeguard your code and stay one step ahead of cyber threats. Enroll today for a secure coding journey!

Syllabus

Secure coding introduction
Secure coding principles
From SDLC to SSDLC
OWASP Top 10 2021
Build your security requirements from OWASP ASVS
CVSS: how to rate vulnerabilities
Spring Security Framework
Authentication and Authorization in Spring
CSRF protection (Cross Site Request Forgery)
Password hashing in Spring (PasswordEncoder)
Dissecting (in)famous Java CVEs
Log4j to Log4Shell (CVE-2021-44228)
Spring4Shell (CVE-2022-22965)
Authentication and Authorization attacks
LAB: IDOR (Insecure Direct Object Reference)
LAB: Path Traversal
LAB: CSRF (Cross-Site Request Forgery)
Spring Boot Actuator exploitation
LAB: LDAP injection and authentication bypass
Attacking Spring web applications
LAB: SQL injections
LAB: Command injection
LAB: Code and Object Injection
LAB: XML Injections
LAB: Server-Side Request Forgery
LAB: NoSQL injections
LAB: Local and remote file inclusion
LAB: Server-Side Template Injection
All labs are executed locally
Vulnerable and Outdated Dependencies
Dependencies as graph
The importance of SCA (Software Composition Analysis) and SBOM (Software Bill of Materials)
LAB: Detecting known vulnerabilities using Snyk
Integrate SCA and SBOM in the CI/CD pipeline
Detecting vulnerabilities in Java using SAST tools
Semgrep basics
Scanning your code using Semgrep
Semgrep automation in CI/CD