Secure Coding Rules for Java: Serialization

Video description

3+ Hours of Video Instruction

Secure Coding Rules for Java: Serialization LiveLessons provides developers with practical guidance for securely implementing Java Serialization.

Overview

Secure coding expert, Robert C. Seacord trains developers to understand Java serialization and the inherent security risks.  Seacord also demonstrates how to securely implement serializable classes and evaluate mitigation strategies and alternative solutions.

Java deserialization is an insecure language features that is widely used both directly by applications and indirectly by Java modules and libraries. Deserialization of untrusted streams can result in remote code execution (RCE), denial-of service (DoS), and a range of other exploits. Applications can be vulnerable to these attacks even when they are free from coding defects.

Related Titles:

Secure Coding Rules in Java: Part 1 LiveLessons (Video)
The CERT Oracle Secure Coding Standard for Java (Book)
Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (Book)

About the Instructor

Robert C. Seacord is a Technical Director with NCC Group where he works with software developers and software development organizations to eliminate vulnerabilities resulting from coding errors before they are deployed. Previously, Robert led the secure coding initiative in the CERT Division of Carnegie Mellon University’s Software Engineering Institute (SEI). Robert is also an adjunct professor in the School of Computer Science and the Information Networking Institute at Carnegie Mellon University. Robert is the author of six books, including The CERT C Coding Standard, Second Edition (Addison-Wesley, 2014), Secure Coding in C and C++, Second Edition (Addison-Wesley, 2013), The CERT Oracle Secure Coding Standard for Java (Addison-Wesley, 2012), and Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (Addison-Wesley, 2014). Robert is on the Advisory Board for the Linux Foundation and an expert on the ISO/IEC JTC1/SC22/WG14 international standardization working group for the C programming language.

Skill Level

  • Advanced

Learning objectives:

  • Understand Java object serialization
  • Understand serialization security risks
  • Understand deserialization vulnerabilities
  • How to securely implement serializable classes
  • Evaluate migration strategies
  • Evaluate alternative solutions

Who Should Take This Course

  • Experienced Java developers

Course Requirements

  • Understanding of programming and development
  • Experience with Java programming

About Pearson Video Training

Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que Topics include: IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Product information

  • Title: Secure Coding Rules for Java: Serialization
  • Author(s): Robert C. Seacord
  • Release date: March 2018
  • Publisher(s): Pearson
  • ISBN: 0135225183