Security a top priority for Java developers, says Infosec Skills author Larry Ricker
If you have ever ordered an item on Amazon, hailed a ride through Uber, booked a room on Airbnb, listened to music or a podcast on Spotify, watched a film or program on Netflix, posted photos on Instagram, pinned an item on Pinterest or looked up something on Google, then you’ve used Java.
In short, Java is the programming language that makes thousands of applications and websites work seamlessly.
First introduced by Sun Microsystems in 1995 and now a product of Oracle, Java is the world’s top programming language, running everything from scientific supercomputers, data centers and e-commerce websites to cell phones, game consoles and online banking.
What should you learn next?
Larry Ricker has been writing code in Java since it came out. As a senior software developer with a top-secret clearance at a major government contractor, he is intimately familiar with the language and how to make sure customer information remains secure.
“Security has grown since the internet and it's a need that has been an issue created by the internet,” says Ricker, who recently released a Writing Secure Code in Java Learning Path in Infosec Skills. “If you’re doing any programming or writing an app and are in an environment with customers, you’re collecting people’s information and you need to protect it.”
Learn Java security from an expert
Ricker has more than 20 years of professional experience, having led teams and created software using Java for tech companies across the U.S. He’s also developed 19 applications for the iPhone and iPad.
That makes him uniquely qualified to help train the next generation of Java developers.
“You have to be aware of cross-site request forgery and attacks that people can use to attack software,” says Ricker. “So now when I'm doing secure code reviews and looking over people's code, I'm a lot more keen on what they might be doing that might open up a vulnerability or a susceptibility to attack.”
Vulnerable code leads to attacks
Earlier this year, an ethical hacker breached the systems of a who’s who of technology companies, including Apple, Microsoft, Netflix, PayPal, Shopify, Tesla and Uber by exploiting open-source development tools.
The code developed by security researcher Alex Birsan was injected into common tools for installing dependencies in developer projects. The vulnerability he exploited was detected inside more than 35 organizations across three programming languages — Python, Ruby and Java. Birsan received more than $130,000 in both bug bounties and pre-approved arrangements with targeted organizations, all of whom agreed to be tested.
Last year, the SolarWinds hack affected an estimated 18,000 of the company’s customers who downloaded a software update with malicious code believed to have been inserted by Russian agents. More than 100 companies including Microsoft, Intel and Cisco were compromised. So were federal government agencies including the Treasury, Justice, Energy and Defense departments.
“It was genius on the part of the hackers to get that software in there and get it into so many corporations and government agencies. They picked a really good place to deliver their payload,” says Ricker. “They created a backdoor that is getting a lot of focus, unfortunately, after the fact.”
Get your free course catalog
Privacy laws put emphasis on security
Privacy laws are tightening because of the massive amounts of personal information gathered by organizations and through social media. The European Union passed rules to protect people’s privacy and impose severe penalties for violating people’s privacy.
“Europeans were very interested in their privacy and protecting their privacy while Americans are more open, but I see that changing very quickly,” says Ricker. “I think you're going to see that probably result in new legislation. And maybe it will mirror GDPR, which is covered in the training.”
Ricker says that whether or not new laws are passed, the impact on organizations is real.
"As developers and coders, we are collecting vast amounts of personal information and we have to protect it,” he says. “It goes right up to the design level, you’ve got to think about it right from the get-go. I know that certain platforms collect a lot of information for marketing purposes, but that's going to expose them to liability. So I think everybody needs to be aware of security in this environment.”
Build your Java security skills
Ricker’s new learning path takes you on a journey through the challenges and opportunities of writing secure code in Java.
Seven courses cover topics ranging from network models and protocols to malware to security best practices — all related to how they affect your work in Java:
- Introduction to Java: Learn about input validation, RegEx and how to mitigate the risk of denial-of-service attacks.
- Injection Attacks: Get an overview of common injection attacks and how to mitigate them through validation and encoding.
- Authentication: Explore authentication systems and the components required to secure a system.
- Sensitive Data: Learn about sensitive and non-sensitive data, personally identifiable information and what is protected by privacy laws.
- Input Output: Review inputs and outputs to your system and how to move data securely.
- Website Security: Dive into security issues, including cross-site request forgeries, session management and constructing filters to protect your website.
- Malware: Explore ways to mitigate the risks of malware through formalized code reviews
You’ll then put your skills into action with hands-on labs in our Java secure coding cyber range — and a hands-on project.
Who should learn Java security?
This learning path is for anyone wanting to build their Java security skills. While software developers are the primary audience for this learning path, recent graduates with degrees in IT also will benefit.
“In this environment, even a newbie fresh out of college really needs to start diving into security almost immediately,” says Ricker.
“I don't remember ever taking a class on security when I was in school 30 years ago. But my son, who recently graduated, had multiple courses in different realms of security as part of his computer science degree. Security is vitally important in today’s world and it’s only going to be more so.”
FREE role-guided training plans
Sources
- What is Java and why do I need it?, Oracle
- What Is Java? A Beginner’s Guide to Java and Its Evolution, Edureka!
- A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack, NPR
- Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple, ThreatPost
- 5 Best Programming Languages For Hacking, Techworm
- Expert instruction
- Hands-on labs
- Unlimited access
In this Series
- Security a top priority for Java developers, says Infosec Skills author Larry Ricker
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity