
Black Hat USA 2009 4-day Training Session

July 25-28

Secure Coding for Java EE

Aspect Security


Training developers on secure coding practices offers one of the highest returns of any security investment by eliminating vulnerabilities at the source. Aspect’s Java EE Secure Coding Training raises developer awareness of application security issues and provides examples of ‘what to do’ and ‘what not to do.’ The class is led by an experienced developer and is delivered in a very interactive manner.

This class includes hands-on exercises where the students get to perform security analysis and testing on a live Java EE web application. This specially designed environment includes deliberate flaws the students have to find, diagnose, and fix. The class also uses Java EE coding exercises to provide students with realistic hands-on secure coding experience. Students gain hands-on experience using freely available web application security test tools to find and diagnose flaws and learn to avoid them in their own code.


Aspect Security has been working with development teams around the country for years to help them identify, diagnose, and address security issues throughout the application development lifecycle. Through these efforts, they have learned the key practices that development and project managers and key support personnel must know to achieve secure applications.

Aspect’s instructors are full-time application security specialists who spend the majority of their time working with clients to secure the nation’s most critical applications. Leveraging this practical experience brings the class to life. Students will gain valuable insight into lessons learned from other development organizations. Our instructors also make themselves available to you for application security questions after the course is complete.

Aspect is a founding OWASP Member and supports several OWASP projects. In particular, Aspect conceived the OWASP Top Ten project and led the effort to build the document. We also built WebGoat, ESAPI, Stinger, and CSRFGuard and donated them to the OWASP effort. Aspect personnel assist with the management of the OWASP Foundation and help run the OWASP AppSec conference series.

Michael Coates is a Senior Application Security Engineer at Aspect Security. For the past five years Michael has focused on application and network-based penetration assessments of major businesses in the financial and telecommunications markets. These penetration assessments include external assessments against Web applications, network infrastructures, and perimeter hosts via the Internet, as well as onsite penetration focusing on internal attacks against business-critical systems. In addition, Michael has a strong background in incident response for global networks and regulatory compliance including FISMA, DIACAP, GLBA, SOX, and HIPAA. Michael is also an instructor in Aspect’s portfolio of Application Security Courses.

In the short time since Michael joined the Aspect Security team of instructors, he has completed several training engagements with one of our longest standing customers. Michael has delivered classes aimed at managing, building and testing secure web applications, at both the managerial level and the developer level. A few remarks from his students include: “I really enjoyed the class. It has opened my eyes to another arena of technology and how we are at risk” and “It is a great chance to take this course. Every developer needs this training”

Super Early:
Ends Mar 15
Ends May 1

Ends Jul 1

Ends Jul 22






