This course focuses on detecting and mitigating the input validation family of vulnerabilities, which attackers can use to steal data, take control of servers, and cause havoc. You'll learn how to arm your application with the appropriate defenses.
Is your site being hacked right now? How do you know? Where are the security holes in your Java web applications, waiting to be exploited? Security breaches are one of the biggest risks for business today. Fortunately, many attacks are well-known and follow common patterns. In this course, Securing Java Web Applications, you'll learn the major input validation exploits identified by OWASP, how they can be exploited in Java web applications, and how they can be corrected. First, you'll explore cross-site scripting and log injection. Next, you'll dive into understanding cross-site request forgery. Finally, you'll finish the course by covering malicious file upload. By the end of this course, you'll have the necessary skills and knowledge to make your code more secure.
Like many software craftsmen, Josh eats, sleeps, and dreams in code. He codes for fun, and his kids code for fun! Right now, Josh works as a full-time committer on Spring Security and loves every minute.
Course Overview
Hi everyone. My name is Josh Cummings, and welcome to my course Identifying and Closing Common Java Web Application Security Vulnerabilities. I work as a principal software engineer at Workfront and have developed in Java for over 15 years. It is both fascinating and sobering what an intrepid hacker can do to a system that appears to have no security flaws. Did you hear about the one where you could possibly steal someone's Twitter session by submitting Chinese characters in the URL? In this course, we're going to take a look at that vulnerability and many others and equip you with the knowledge that you need to code Java applications more securely, specifically focusing on input validation. Some of the major topics that we'll cover include cross-site scripting, log injection, SQL injection and, yes, NoSQL injection, cross-site request forgery, and malicious file upload. By the end of this course, you'll be able to think more like a hacker while you're coding, and you'll have the undeniable itch to go review your own code for holes and flaws. And the best part is that you will have the tools and knowledge to make your code more secure. Before beginning this course, you should be familiar with at least the basics in Java, though a solid understanding of Java web applications will also be a big help. The demos are based in Java 8. Also, some of the demos are a bit more powerful with Docker, so take the time to familiarize yourself with that if you want to take full advantage of the code download. I hope you'll join me on this journey to learn secure coding in Java with the Identifying and Closing Common Java Web Applications Security Vulnerabilities course at Pluralsight.