Securing Java Web Applications

This course focuses on detecting and mitigating the input validation family of vulnerabilities, which can be used to steal data, take control of servers, and cause havoc. You'll learn how to arm your application with the appropriate defense.
Course info
Rating
(41)
Level
Intermediate
Updated
Jul 31, 2017
Duration
2h 24m
Table of contents
Course Overview
How Many Vulnerabilities Can You Spot?
Preventing Cross-site Scripting Attacks
Preventing Log Injection and Log Forgery
Preventing CSRF, Response Splitting, and Open Redirect
Preventing Directory Traversal and Malicious File Upload
Preventing SQL and NoSQL Injection
Building in Security First
Description

Is your site being hacked right now? How do you know? Where are the security holes in your Java web applications, waiting to be exploited? Security breaches are one of the biggest risks for business today. Fortunately, many attacks are well-known and follow common patterns. In this course, Securing Java Web Applications, you'll learn the top major input validation exploits as identified by OWASP, how they can be exploited in Java web applications, and how they can be corrected. First, you'll explore cross-site scripting and log injection. Next, you'll dive into understanding cross-site request forgery. Finally, you'll finish the course by covering malicious file upload. By the end of this course, you'll have the necessary skills and knowledge to make your code more secure.

About the author

Like many software craftsmen, Josh eats, sleeps, and dreams in code. He codes for fun, and his kids code for fun! Right now, Josh works as a full-time committer on Spring Security and loves every minute.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Josh Cummings, and welcome to my course Identifying and Closing Common Java Web Application Security Vulnerabilities. I work as a principal software engineer at Workfront and have developed in Java for over 15 years. It is both fascinating and sobering what an intrepid hacker can do to a system that appears to have no security flaws. Did you hear about the one where you could possibly steal someone's Twitter session by submitting Chinese characters in the URL? In this course, we're going to take a look at that vulnerability and many others and equip you with the knowledge that you need to code Java applications more securely, specifically focusing on input validation. Some of the major topics that we'll cover include cross-site scripting, log injection, SQL injection and, yes, NoSQL injection, cross-site request forgery, and malicious file upload. By the end of this course, you'll be able to think more like a hacker while you're coding, and you'll have the undeniable itch to go review your own code for holes and flaws. And the best part is that you will have the tools and knowledge to make your code more secure. Before beginning this course, you should be familiar with at least the basics in Java, though a solid understanding of Java web applications will also be a big help. The demos are based in Java 8. Also, some of the demos are a bit more powerful with Docker, so take the time to familiarize yourself with that if you want to take full advantage of the code download. I hope you'll join me on this journey to learn secure coding in Java with the Identifying and Closing Common Java Web Applications Security Vulnerabilities course at Pluralsight.