Your users' usernames and passwords are the keys to the kingdom. Watch and apply this course in order to approach authenticating and managing secure data in Java web applications with greater confidence.
How long would your users' usernames and passwords survive an attack? In this course, Securing Java Web Applications Using Authentication, you will gain the ability to detect and mitigate authentication vulnerabilities. First, you will detect enumeration vulnerabilities. Next, you will find brute force ones. Then, plaintext ones. Finally, you will explore how to securely log in order to detect attacks at runtime. When you're finished with this course, you will have the Application Security skills and knowledge needed to securely authenticate users.
Like many software craftsmen, Josh eats, sleeps, and dreams in code. He codes for fun, and his kids code for fun! Right now, Josh works as a full-time committer on Spring Security and loves every minute.
Course Overview

Hi everyone. My name is Josh Cummings, and welcome to my course, Securing Java Web Applications Using Authentication. I'm a full-time Spring Security committer over at Pivotal, and I love talking about application security. Just recently, WordPress experienced its largest distributed online brute-force attack on record at 135,000 WordPress sites. The attack clocked in at 196,000 attempted logins per second. How do you think your app would hold up to that kind of onslaught? In this course, we're going to talk about it. We'll talk about brute-force, enumeration, plaintext attacks, and more. Some of the major topics that we'll cover include why you need to do more than just be ambiguous with your error messaging, how to inform a user that their account is locked out without also letting the hackers know, the nooks and crannies where plaintext passwords like to lurk in your application, and why most password strength requirements give a false sense of security and what to do about it. By the end of this course, you'll know how to keep your user account details secure and how to listen for problems with them down the road. You'll understand that secure login is a lot more than just HTTPS. Before beginning the course, you should be familiar with Java Servlets at the very least. However, a knowledge of Gradle, Selenium, Mockito, Spring Boot, and Spring Security will also be helpful, especially if you're following along with the demos in your IDE. You might also get some benefit by starting with Securing Java Web Applications, my first course in the series, though this course does not assume that you've already taken that. I hope you'll join me on this journey to learn application security with the Securing Java Web Applications Using Authentication course, at Pluralsight.