Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Java is a widely used alternative to Microsoft ASP.NET for contemporary object-oriented web application design. Although it is founded on and extensively deployed as open source software, it is widely packaged in commercial offerings from major IT software suppliers. The Java Enterprise Environment (Java EE) environment is a double edge sword, providing extensive design flexibility, but…offset by the risks of complexity and often unstructured deployments, differing widely from supplier to supplier. As compared to Microsoft, Java EE also lacks focused industry guidance on security and audit best practices

In this unique, information packed webinar, you will learn a structured approach to auditing the security of typical Java EE web application. You will cover all key application building blocks of a “typical” web application built with Java technologies, as well as common security risks, safeguards, and audit procedures. Sample configuration files and screens will be used to demonstrate audit data collection targets. In addition, you will receive a modularized audit checklist for each major application building block/control point, based on a composite of industry Java EE security guidance.

This is a companion course to Cybersecurity Audits of Modern Web Applications. It is recommended that this course should be scheduled to follow the Modern Web Apps course.

Course Outline

  • Demystifying the Java EE environment: Identifying the control points, common application building blocks…and the Java terminology
  • Auditing the web storefront: Apache web server security, Apache Tomcat
  • Reviewing the security features and audit control points of a sampling of prominent Java EE application/middleware servers
  • Protecting the Database server, mainframe, and Enterprise Information System (EIS) network connection controls
  • Summary of tools and techniques for testing Java

Additional Information

Who Should Attend
  • Information Security Managers, Analysts, and Architects
  • IT Management
  • IT Architects
  • System Administrators/Software Engineers
  • Consultants
Learning Level






Advanced Preparation


Recommended Prerequisites

CyberSecurity Audits for Modern Web Applications (CY02) or equivalent web application knowledge. A basic understanding of IT application audit controls and terminology is assumed.

Session Duration


On Site: 1 day

CPE Credits: 8