Exploiting and Securing Vulnerabilities in Java Applications

  • 4.6
Approx. 23 hours to complete
Save Course
Go to Course

Course Summary

Learn how to identify and exploit vulnerabilities in Java applications, as well as secure them against potential attacks.

Key Learning Points

  • Learn how to identify and exploit vulnerabilities in Java applications
  • Understand how to secure Java applications against potential attacks
  • Explore various attack vectors and techniques used by attackers

Related Topics for further study


Learning Outcomes

  • Identify and exploit vulnerabilities in Java applications
  • Secure Java applications against potential attacks
  • Understand various attack vectors and techniques used by attackers

Prerequisites or good to have knowledge before taking this course

  • Basic understanding of Java programming
  • Familiarity with web application development

Course Difficulty Level

Intermediate

Course Format

  • Online
  • Self-paced

Similar Courses

  • Web Application Security Testing
  • Penetration Testing and Ethical Hacking
  • Secure Coding Practices

Related Education Paths


Notable People in This Field

  • Cybersecurity Expert
  • Hacker

Related Books

Description

In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a users browser, break authentication to gain access to data and functionality reserved for the ‘Admins’, and even exploit vulnerable components to run our code on a remote server and access some secrets. We will also wear Defender Hats. We will dive deep in the code to fix the root cause of these issues and discuss various mitigation strategies. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws and we take aim at fixing some of these issues. Finally we fix these issues in WebGoat and build our patched binaries. Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.

Knowledge

  • Practice protecting against various kinds of cross-site scripting (XSS) attacks.
  • Form plans to mitigate injection vulnerabilities in your web application.
  • Create strategies and controls to provide secure authentication.
  • Examine code to find and patch vulnerable components.

Outline

  • Setup and Introduction to Cross Site Scripting Attacks
  • Course Introduction
  • Overview of Resources and Tools for This Course
  • Setup and Introduction to Cross-site Scripting
  • Tips and Tricks to Use Git for Course and Project
  • How to Import WebGoat into IDE
  • How to Run WebGoat in a Docker Container
  • Injection Attacks: What They Are and How They Affect Us
  • Cross-site Scripting (XSS), Part 1
  • Protecting Against Cross-site Scripting (XSS), Part 2
  • Patching Reflected Cross-site Scripting (XSS), Part 3
  • Stored Cross-site Scripting (XSS)
  • Dangers of Cross-site Scripting (XSS) Attacks
  • A Note About Finding Lessons on WebGoat
  • Introduction to Labs (Peer Reviewed)
  • A Note From UC Davis
  • OWASP Cross Site Scripting Prevention Cheat Sheet
  • Note About Peer Review Assignments
  • Module 1 Quiz

  • Injection Attacks
  • Injection Attacks
  • Tutorial: Using a Proxy to Intercept Traffic from Client to Servers
  • SQL Syntax and Basics: Putting On the Attacker Hat
  • Solution to SQL Injection Attacks (SQLi)
  • SQL Injection Attacks: Evaluation of Code
  • XML External Entity (XXE) Attacks
  • Demo of an XML External Entity (XXE) Attack to Gain Remote Code Execution (RCE)
  • Evaluation of Code - XXE through a REST Framework
  • Solution: Evaluation of Code - XXE through a REST Framework
  • Patching the XXE Vulnerability
  • OWASP SQL Injection Prevention Cheat Sheet
  • OWASP XML External Entity Prevention Cheat Sheet
  • Module 2 Quiz

  • Authentication and Authorization
  • Authentication and Authorization
  • Introduction to Authentication Flaws in WebGoat
  • Authentication Bypass Exploit
  • Tips and Tricks for Burp Suite: Use Proxy to Intercept Traffic
  • Solution to Authentication Bypass: Evaluation of Code
  • Finding Vulnerabilities and Logical Flaws in Source Code
  • Introduction to JSON Web Tokens (JWT) and Authentication Bypass
  • Authentication Flaw JSON Web Tokens (JWT)
  • Solution Demo: Exploiting JSON Web Tokens (JWT)
  • Evaluating Code to Find the JSON Web Tokens (JWT) Flaw
  • Hint Video: (JWT) Patching the Vulnerable Code in WebGoat
  • Solution to Patch JWT Flaw
  • OWASP Transaction Authorization Cheat Sheet
  • A Beginner's Guide to JWTs in Java'
  • Module 3 Quiz

  • Dangers of Vulnerable Components and Final Project
  • Dangers of Vulnerable Components Introduction
  • Vulnerable Components (XStream Library)
  • Solution: Fixing Vulnerabilities with XStream
  • Introduction to Labs (Peer Reviewed)
  • Course Summary
  • Article: How Hackers Broke Equifax: Exploiting a Patchable Vulnerabil
  • Article: Exploiting OGNL Injection in Apache Struts
  • Note About Peer Review Assignments
  • Module 4 Practice Quiz

Summary of User Reviews

Learn how to identify and prevent vulnerabilities in Java applications with this comprehensive course on exploiting and securing. Users have given positive feedback on the practicality of the course, which covers relevant topics and provides hands-on experience.

Pros from User Reviews

  • The course is comprehensive and covers a wide range of topics.
  • The instructor is knowledgeable and presents the material in a clear and understandable way.
  • The course provides practical exercises and labs that help learners apply the concepts learned.
  • The course is up-to-date and covers the latest technologies and techniques for securing Java applications.
  • The course provides a good balance between theory and practice, making it suitable for both beginners and experienced developers.

Cons from User Reviews

  • Some users feel that the course is too basic and does not go into enough depth on some topics.
  • The course may not be suitable for advanced developers or security professionals looking for more advanced techniques and strategies.
  • Some users have reported technical issues with the course, such as broken links or outdated materials.
  • The course may be too time-consuming for some learners, as it requires a significant time commitment to complete all the exercises and labs.
  • The course may be too expensive for some learners, especially those on a tight budget.

Keywords

English
Available now
Approx. 23 hours to complete
Joubin Jabbari
University of California, Davis
Coursera

Instructor

Joubin Jabbari

  • 4.6 Raiting

Recommended for you

Recommended for you

see more

Hands-On Spring Security 5.x

  • 3.5

A hands-on guide to secure and prevent your web apps and RESTful services from being hacked using Spring Security 5. 1....

Save Course

Complete Ethical Hacking Bootcamp 2021: Zero to Mastery

  • 4.6

Learn Ethical Hacking + Penetration Testing! Use real techniques by black hat hackers then learn to defend against them! This course is focused on learning by doing....

Save Course

Linux Server Security - Protect system from getting hacked!

  • 0.0

A step by step guide to secure your Linux server with the help of efficient tools and techniques! Secure your Linux Server with firewalls and SSL encryptions....

Save Course

Exploiting and Securing Vulnerabilities in Java Applications

  • 4.6

In this course, we will wear many hats. We will also wear Defender Hats. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing....

Save Course
Cancel
Add new list
0/60
0/360
Cancel
Delete list

Are you sure you want to delete this list? This action will cause all your notes inside the list to be lost

Cancel Delete
Delete Course

Are you sure you want to delete this course? This action will cause all your notes inside the course to be lost

Cancel Delete
Share
Cancel Copy
Saved Course list
Cancel
Get Course Update
Computer Courses