All developers today are also DevSecOps engineers even if they are not aware of it. In this Bootcamp, you will learn how to secure cloud-native Java microservices. First, we will look into what are the common security risks for server-side applications. Then we will directly dive into the hands-on coding parts to see how we can mitigate those security risks in our own applications. Specifically, we'll see how the security patterns are implemented with the most widely used frameworks Spring Boot and Micronaut. In the last part, you will also learn how to deploy your applications securely as containers into a Kubernetes cluster.

Training content:

• OWASP Top 10 (Web Application Security Risks)
• OWASP Docker Top 10
• Securing Spring Boot applications
• Securing Micronaut applications
• Authentication and Authorization
• Basic Auth, MTLS, WebAuthn
• OAuth 2.0 and OpenID Connect
• Configuring HTTPS connections
• Encryption and password hashing
• Security response headers
• Defense against SQL injection, XSS, and CSRF
• Securing both blocking servlet-based and non-blocking reactive web applications
• Container- and Kubernetes Security
• Automated security tests

Target group

This security training specifically targets Java developers. Anyone involved in building cloud-native backend applications (e.g., Spring Boot or Micronaut) should participate.

Participant requirements

To participate in this Bootcamp, you should have development experience with Java backend applications. Familiarity with the basics of either Spring Boot or Micronaut would be helpful but is not required.

Hardware requirements

To participate in the hands-on lab sessions, participants need an internet-accessible laptop (having at least 8GB RAM) with a modern browser installed. In addition, the following software is required:

• A Java SDK (version 8 or 11)
• Any Java IDE
• A local Kubernetes cluster (Minikube with VirtualBox is recommended)

Maximum number of participants: 25