Securing Java Web Applications Through Authentication

Your users' usernames and passwords are the keys to the kingdom. Watch and apply this course in order to approach authenticating and managing secure data in Java web applications with greater confidence.
Course info
Level
Intermediate
Updated
Sep 21, 2018
Duration
2h 21m
Table of contents
Introduction
Identifying and Mitigating Enumeration Vulnerabilities
Identifying and Mitigating Brute Force Vulnerabilities
Identifying and Mitigating Plaintext Vulnerabilities in Transit
Identifying and Mitigating Plaintext Vulnerabilities at Rest
Creating an Audit Trail for Security Events
Course Overview
Description

How long would your users' usernames and passwords survive an attack? In this course, Securing Java Web Applications Using Authentication, you will gain the ability to detect and mitigate authentication vulnerabilities. First, you will detect enumeration vulnerabilities. Next, you will find brute force vulnerabilities, and then plaintext ones. Finally, you will explore how to log securely in order to detect attacks at runtime. When you're finished with this course, you will have the Application Security skills and knowledge needed to securely authenticate users.

About the author

Like many software craftsmen, Josh eats, sleeps, and dreams in code. He codes for fun, and his kids code for fun! Right now, Josh works as a full-time committer on Spring Security and loves every minute.

More from the author
Securing Java Web Application Data
Intermediate
2h 41m
Jun 21, 2019
Micro-experimentation Tools in Java 9
Intermediate
1h 57m
Nov 1, 2017
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Josh Cummings, and welcome to my course, Securing Java Web Applications Using Authentication. I'm a full-time Spring Security committer over at Pivotal, and I love talking about application security. Just recently, WordPress experienced its largest distributed online brute force attack on record at 135,000 WordPress sites. The attack clocked in at 196,000 attempted logins per second. How do you think your app would hold up to that kind of onslaught? In this course, we're going to talk about it. We'll talk about brute force, enumeration, plaintext attacks, and more. Some of the major topics that we'll cover include why you need to do more than just be ambiguous with your error messaging, how to inform a user that their account is locked out without also letting the hackers know, the nooks and crannies where plaintext passwords like to lurk in your application, and why most password strength requirements give a false sense of security and what to do about it. By the end of this course, you'll know how to keep your user account details secure and how to listen for problems with them down the road. You'll understand that secure login is a lot more than just HTTPS. Before beginning the course, you should be familiar with Java Servlets at the very least. However, a knowledge of Gradle, Selenium, Mockito, Spring Boot, and Spring Security will also be helpful, especially if you're following along with the demos in your IDE. You might also get some benefit by starting with Securing Java Web Applications, my first course in the series, though this course does not assume that you've already taken that. I hope you'll join me on this journey to learn application security with the Securing Java Web Applications Using Authentication course, at Pluralsight.