Securing Java Web Applications
This course focuses on detection and mitigation of the input validation family of vulnerabilities, which can be used to steal data, take control of servers, and cause havoc. You'll learn how to arm your application with the appropriate defenses.
What you'll learn
Is your site being hacked right now? How do you know? Where are the security holes in your Java web applications, waiting to be exploited? Security breaches are one of the biggest risks for business today. Fortunately, many attacks are well-known and follow common patterns. In this course, Securing Java Web Applications, you'll learn the major input validation exploits as identified by OWASP, how they can be exploited in Java web applications, and how they can be corrected. First, you'll explore cross-site scripting and log injection. Next, you'll dive into understanding cross-site request forgery. Finally, you'll finish the course by covering malicious file upload. By the end of this course, you'll have the necessary skills and knowledge to make your code more secure.
Table of contents
- IANAV, But... 2m
- Setting up Terracotta, a Highly-vulnerable Web Application 1m
- Detecting Cross-site Scripting in Automated Regression Tests 3m
- A Simple Cross-site Scripting Exploit 1m
- Mitigating Cross-site Scripting with Blacklisting 3m
- Mitigating Cross-site Scripting with Whitelisting 3m
- The Importance of Canonicalization 3m
- Mitigating Cross-site Scripting with HTTP Response Headers 4m
- Defense In-depth with Cross-site Scripting 1m
- Mitigating Cross-site Scripting with Spring Security 1m
- Detecting Persisted Cross-site Scripting in Automated Regression Tests 3m
- Mitigating Cross-site Scripting with Output Encoding 5m
- How to Smuggle in a Carriage Return 4m
- Detecting CRLF Injection in Automated Regression Tests 1m
- Mitigating CRLF Injection Using Output Encoding 3m
- A Perfectly Forged Check 2m
- Detecting CSRF in Automated Regression Tests 3m
- Mitigating CSRF Using a Custom Header 2m
- Mitigating CSRF by Verifying Source and Target Origins 3m
- Mitigating CSRF Using Synchronized Tokens 2m
- Storing CSRF Synchronized Tokens in a Cookie 2m
- Storing CSRF Synchronized Tokens in the Session 1m
- Storing CSRF Synchronized Tokens in a JWT 3m
- Mitigating CSRF Using Spring Security 2m
- Getting CSRF Defense Right 2m
- Redirect Dancing with Two Left Feet 1m
- Detecting Open Redirect in Automated Regression Tests 2m
- Mitigating Open Redirect with State 2m
- Mitigating Open Redirect with Whitelisting 2m
- Review + Deep Waters 1m
- Spot-the-forgery 3m
- Running Terracotta in a Docker Container 2m
- Detecting Malicious File Upload in Automated Regression Tests 2m
- Mitigating Malicious File Upload Using File Extensions 2m
- Mitigating Malicious File Upload Using Apache Tika 2m
- Mitigating Malicious File Upload Using ClamAV 1m
- Mitigating Malicious File Upload Using MultipartConfig 3m
- Detecting Directory Traversal in Automated Regression Tests 2m
- Mitigating Directory Traversal 4m
- Review + Mythbusting 2m
- How SQL Injection Makes a Database an Open Book 4m
- Detecting SQL Injection in Automated Regression Tests 4m
- Mitigating SQL Injection Using Bind Variables 1m
- Mitigating SQL Injection Using an ORM 2m
- An Infinite Loop in a Haystack 2m
- Detecting NoSQL Injection in Automated Regression Tests 3m
- Mitigating NoSQL Injection 4m
- Review 1m