$1,125 – $1,250

Secure Programming in Java, Sydney

Event Information

Share this event

Date and Time



elttam, The Commons

20-40 Meagher Street


Sydney, NSW 2008


View Map

Refund Policy

Refund Policy

Refunds up to 30 days before event

Event description


A hands-on training course about security vulnerabilities and analysing their impact in Java, using original attack and defense labs to illustrate root cause and remediation. Skills learned in this course will improve your daily software engineering and testing practices.

Practical security experience for Java developers

Stop hackers in their tracks by learning to develop secure code and avoid the most common (and frequently exploited) Java vulnerabilities.

In the elttam Secure Programming in Java (SPIJ)® course you’ll learn how to identify, exploit, and fix Java security vulnerabilities at their root cause: in the code.

SPIJ covers real-world scenarios with students applying the theory to test their skills and tackle common Java security vulnerabilities in hands-on modules. Our instructors will guide learners through identifying, assessing and patching vulnerabilities in practice code, based on real examples that are regularly (and recently) found in the wild.

By the end of this training, students of all Java skill levels will have a solid security foundation to incorporate into their software design, implementation, and testing lifecycle.

Learning Objectives

Students of the elttam Secure Programming in Java ® course will:

  1. Become a security champion for their team
  2. Learn secure programming with hands-on attack and defence exercises
  3. Attempt attack-based unit tests that measure their defensive capability against others in the class
  4. See new vulnerability classes not covered in OWASP Top 10 training activities
  5. Deep dive into technology and framework security for the embedded, mobile, and web space
  6. Learn new security-focused code review techniques.

Our Approach


Students will learn the theory behind important security topics, giving them a grounded understanding of the issues involved. Regularly updated and revised, this course ensures that modules are aligned with what matters most in today’s Java development world and addresses issues developers will be facing in the real world.


Students will put their skills to the test in a series of practical exercises where they’ll work to secure vulnerable code from malicious attackers. The instructor will guide students, step-by-step to reach the objective of each exercise – which often involves patching code to remove entire vulnerability classes.


It’s easy to feel overwhelmed by the sheer quantity of information available on security testing; that’s why we provide students with a hand-picked set of references for further study.

Course Syllabus

Introduction and Hello World

Warm up with some general Java security theory. Students will log in to the build environment ready for the hands-on exercises scheduled for the rest of the day.

Language Specific

Learn about different kinds of security vulnerabilities affecting Java code, including primitive numeric data types, denial of service attacks, serialisation attacks, and cryptography.

We’ll cover the latest and greatest in Java security vulnerabilities and teach you how to identify, analyse and neutralise these threats. We’ll drill down into topics such as:

  • Primitive Numeric Data Types
    • What are primitive numeric types?
    • How does the JVM represent these types?
    • Numeric overflows and underflows
    • Narrowing conversions
    • Special numbers and two's complement
  • Denial of service
    • Network vs Algorithmic complexity attacks
    • A quick look at big-O notation
    • XML quadratic and exponential entity expansion
    • HashDoS
    • ReDoS
    • Decompression bombs
  • Binary Serialisation
    • What is binary serialisation? How is it different to JSON or XML?
    • Content tampering attacks
    • Malicious object injection and code execution
    • JEP-290 mitigations
  • Cryptography
    • Pseudo-random number generators
    • Hash length extension attacks
    • HMAC weak keys
    • Key Stretching
    • Side Channel attacks

Generic Web

Gain insight into the unique challenges facing Java web development and check out examples built upon the most popular frameworks used today. Deep dive into vulnerabilities like access control, resource handling, injection, and output encoding.

Secure Software Development

Look into the benefits and limitations of manual code reviews, peer code reviews, automated static analysis, and build and dependency management, and analyse the efficacy of all patches developed during the course.

Course Prerequisites

To get the most out of this course, students should have at least a basic to intermediate understanding of Java and some practical experience in programming.

There are no special software or configuration requirements for the class, elttam will provide each student with their own dedicated computer environment which will be accessed over remote desktop.

Student Testimonials

“Daniel was very approachable and hands on during the presentation. Always willing to help. The pace was perfect for learning.”

- Software Engineer, Federal Government

“Loved the structure (example > theory > lab). Was really helpful and engaging. The real-world examples were really helpful for seeing the great relevance of the material. Loved the unit testing approach to secure programming. Made it really easy to follow along and do the work.”

- Software Engineer, Federal Government

“Thanks! I really enjoyed the labs. In particular, the "fix it" test driven approach is a pragmatic way to understand and learn how to mitigate vulnerabilities. The content available as a git repo is also great”

– Security Architect, Federal Government


Why is the course delivered over two days?

The course is very rich in content and we've found the best result is achieved by splitting the delivery into two half days, this way, there is enough time for students to comprehend the topics and be able to ask follow-up questions.

What is included in the ticket?

  • Two half days of instructor lead class
  • Access to local and online elttam training lab, hacking contest and internet
  • Lunch, tea and coffee

What do I need to bring?

  • A laptop (OSX, Linux, or Windows) with a remote desktop protocol client installed
  • If your laptop doesn't have an ethernet port, please bring an ethernet adapter

How can I buy more than two tickets?

Email us at hello@elttam.com.au

Can I request a private course for my company?

Yes you can, we customise and tailor our course content for our enterprise customers to be specific to their organisation and technology teams. We also issue student evaluation reports and benchmark training results against industry peers. For more information, email us at hello@elttam.com.au

Do you have any other security courses?

Yes, visit https://www.elttam.com.au/training

What are my transport options for getting to and from the venue?

  • 10 minute walk from Central Station
  • 10 minute walk from Redfern Station
  • 20 minute drive from Sydney Airport

How can I contact the organiser with any questions?

Feel free to email us at hello@elttam.com.au

Share with friends

Date and Time


elttam, The Commons

20-40 Meagher Street


Sydney, NSW 2008


View Map

Refund Policy

Refunds up to 30 days before event

Save This Event

Event Saved