This course covers Java 9 tools JShell and JMH, designed to restore a Java engineer's flow by making it easy to explore your code base, experiment with solutions at a small scale, and roll the results into long-lasting applications with confidence.
Historically, Java engineers have been loath to do small-scale experiments during their coding because of the high ceremony of the Java language. There is so much overhead when all an engineer wants to write is a little one-line experiment that it's often avoided. At the core, the JVM is so good at code optimization that experiments in the performance family are still more time-consuming because of the immense number of false positives and noisy evidence that result. In this course, Micro-experimentation Tools in Java 9, you'll learn how to use JShell and JMH. First, you'll learn how to do more in-depth experimenting. Next, you’ll discover more about exploratory coding. Finally, you’ll explore how to find if your feedback loop is too slow for significant processes. When you’re finished with this course, you'll have a foundational knowledge of JShell and JMH that will help you as you move forward in restoring flow while using Java 9 micro-experimentation tools.
Like many software craftsmen, Josh eats, sleeps, and dreams in code. He codes for fun, and his kids code for fun! Right now, Josh works as a full-time committer on Spring Security and loves every minute.
Course Overview

Hi, my name is Josh Cummings, and welcome to my course, Securing Java Web Applications. I work as a principal software engineer at Workfront and have developed in Java for over 15 years. It is both fascinating and sobering what an intrepid hacker can do to a system that appears to have no security flaws. Did you hear about the one where you could possibly steal someone's Twitter sessions by submitting Chinese characters in the URL? In this course, we're going to take a look at that vulnerability and many others, and equip you with the knowledge that you need to code Java applications more securely, specifically focusing on input validation. Some of the major topics that we'll cover include cross-site scripting, log injection, SQL injection, and yes, NoSQL injection, cross-site request forgery, and malicious file upload. By the end of this course, you'll be able to think more like a hacker while you are coding, and you will have the undeniable itch to go review your own code for holes and flaws, and the best part is that you will have the tools and knowledge to make your code more secure. Before beginning this course, you should be familiar with at least the basics in Java, though a solid understanding of Java Web Applications will also be a big help. The demos are based in Java 8. Also, some of the demos are a bit more powerful with Docker, so take the time to familiarize yourself with that if you want to take full advantage of the code download. I hope you'll join me on this journey to learn secure coding in Java with the Securing Java Web Applications course at Pluralsight.
Prototyping with JShell Scripts

Now you know all the nooks and crannies of JShell, and how it can aid in micro-experimentation. This micro-experimentation platform can also be leveraged to allow for the creation of datasets, scripts, and custom shells for interacting with the application that you're building. There are three specific ways that we'll cover in this module for how to turn our exploration into useful products themselves. First, we'll take the cat genealogy service and fashion an interactive portal through which operations, QA, and integration teams can interact with it. Quite literally, folks will be able to shell in to your application in a secure way to easily perform off-the-cuff diagnostics, experiments, and do their own exploratory coding within the scope of your service. Second, we'll look at the ability that JShell gives us to quickly create ad hoc datasets that afford more realistic testing and interaction with the cat genealogy service. And third, we'll look at the opportunity to use JShell as a scripting platform, by closing one of the gaps which JShell leaves open in the way of command-line input into the running script. We'll look at a few command-line tricks, as well as how to interact with the JShell API to accomplish this.