Monthly Subscription Starting at AED 99 + VAT

Exploiting and Securing Vulnerabilities in Java Applications
  • Level Professional
  • المدة 24 ساعات hours
  • الطبع بواسطة University of California, Davis
  • Offered by

عن

In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a users browser, break authentication to gain access to data and functionality reserved for the ‘Admins’, and even exploit vulnerable components to run our code on a remote server and access some secrets. We will also wear Defender Hats. We will dive deep in the code to fix the root cause of these issues and discuss various mitigation strategies. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws and we take aim at fixing some of these issues. Finally we fix these issues in WebGoat and build our patched binaries. Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.

الوحدات

Getting Started

    • 2 Videos
    • 1 Readings
    • 1 Discussion
Show info about module content

1 Discussions

  • Learning Goals

2 Videos

  • Course Introduction
  • Overview of Resources and Tools for This Course

1 Readings

  • A Note From UC Davis

Getting Your Environment Set-Up

    • 4 Videos
Show info about module content

4 Videos

  • Setup and Introduction to Cross-site Scripting
  • Tips and Tricks to Use Git for Course and Project
  • How to Import WebGoat into IDE
  • How to Run WebGoat in a Docker Container

Cross-site Scripting (XSS)

    • 6 Videos
    • 1 Readings
    • 3 Discussion
Show info about module content

3 Discussions

  • WebGoat Activity: Try It! Reflected XSS
  • WebGoat Activity: Try It! Reflected XSS (Again)
  • The Importance of Preventing Cross Site Scripting (XSS) Attacks

6 Videos

  • Injection Attacks: What They Are and How They Affect Us
  • Cross-site Scripting (XSS), Part 1
  • Protecting Against Cross-site Scripting (XSS), Part 2
  • Patching Reflected Cross-site Scripting (XSS), Part 3
  • Stored Cross-site Scripting (XSS)
  • Dangers of Cross-site Scripting (XSS) Attacks

1 Readings

  • OWASP Cross Site Scripting Prevention Cheat Sheet

Lab Activity and Review

    • 2 Videos
    • 1 Readings
    • 1 Discussion
    • 1 PeerReview
    • 1 Assignment
Show info about module content

1 Assignment

  • Module 1 Quiz

1 Peer Review

  • WebGoat Cross-Site Scripting (XSS)

1 Discussions

  • Cross Site Scripting (XSS) Lab Open Discussion Forum

2 Videos

  • A Note About Finding Lessons on WebGoat
  • Introduction to Labs (Peer Reviewed)

1 Readings

  • Note About Peer Review Assignments

Injection Attacks

    • 10 Videos
    • 2 Readings
    • 2 Discussion
Show info about module content

2 Discussions

  • WebGoat Activity: Try It! String SQL Injection
  • WebGoat Activity: XXE (XML External Entity)

10 Videos

  • Injection Attacks
  • Tutorial: Using a Proxy to Intercept Traffic from Client to Servers
  • SQL Syntax and Basics: Putting On the Attacker Hat
  • Solution to SQL Injection Attacks (SQLi)
  • SQL Injection Attacks: Evaluation of Code
  • XML External Entity (XXE) Attacks
  • Demo of an XML External Entity (XXE) Attack to Gain Remote Code Execution (RCE)
  • Evaluation of Code - XXE through a REST Framework
  • Solution: Evaluation of Code - XXE through a REST Framework
  • Patching the XXE Vulnerability

2 Readings

  • OWASP SQL Injection Prevention Cheat Sheet
  • OWASP XML External Entity Prevention Cheat Sheet

Lab Activity and Review

    • 1 Discussion
    • 1 PeerReview
    • 1 Assignment
Show info about module content

1 Assignment

  • Module 2 Quiz

1 Peer Review

  • WebGoat SQL Injection

1 Discussions

  • Injection Attacks Lab Open Discussion Forum

Authentication and Authorization

    • 6 Videos
    • 1 Readings
    • 1 Discussion
Show info about module content

1 Discussions

  • WebGoat Activity: Authentication Bypasses

6 Videos

  • Authentication and Authorization
  • Introduction to Authentication Flaws in WebGoat
  • Authentication Bypass Exploit
  • Tips and Tricks for Burp Suite: Use Proxy to Intercept Traffic
  • Solution to Authentication Bypass: Evaluation of Code
  • Finding Vulnerabilities and Logical Flaws in Source Code

1 Readings

  • OWASP Transaction Authorization Cheat Sheet

JSON Web Tokens (JWT)

    • 6 Videos
    • 1 Readings
    • 1 Discussion
Show info about module content

1 Discussions

  • WebGoat Activity: JWT Tokens

6 Videos

  • Introduction to JSON Web Tokens (JWT) and Authentication Bypass
  • Authentication Flaw JSON Web Tokens (JWT)
  • Solution Demo: Exploiting JSON Web Tokens (JWT)
  • Evaluating Code to Find the JSON Web Tokens (JWT) Flaw
  • Hint Video: (JWT) Patching the Vulnerable Code in WebGoat
  • Solution to Patch JWT Flaw

1 Readings

  • A Beginner's Guide to JWTs in Java'

Lab Activity and Review

    • 1 Discussion
    • 1 PeerReview
    • 1 Assignment
Show info about module content

1 Assignment

  • Module 3 Quiz

1 Peer Review

  • WebGoat Authentication Flaws

1 Discussions

  • Authentication Flaws Lab Open Discussion Forum

Dangers of Vulnerable Components

    • 3 Videos
    • 2 Readings
    • 1 Discussion
    • 1 Assignment
Show info about module content

1 Assignment

  • Module 4 Practice Quiz

1 Discussions

  • WebGoat Activity: Vulnerable Components

3 Videos

  • Dangers of Vulnerable Components Introduction
  • Vulnerable Components (XStream Library)
  • Solution: Fixing Vulnerabilities with XStream

2 Readings

  • Article: How Hackers Broke Equifax: Exploiting a Patchable Vulnerabil
  • Article: Exploiting OGNL Injection in Apache Struts

Graded Peer Assignment

    • 1 Videos
    • 1 Readings
    • 1 PeerReview
Show info about module content

1 Peer Review

  • WebGoat Vulnerable Components

1 Videos

  • Introduction to Labs (Peer Reviewed)

1 Readings

  • Note About Peer Review Assignments

Course Summary

    • 1 Videos
    • 1 Discussion
Show info about module content

1 Discussions

  • Self-Reflection

1 Videos

  • Course Summary

Auto Summary

"Exploiting and Securing Vulnerabilities in Java Applications" is a dynamic and comprehensive course tailored for IT and Computer Science professionals. This course, offered by Coursera, delves into the critical aspects of both attacking and defending Java applications. Learners will explore various vulnerabilities, including Injection issues, Cross Site Scripting, and authentication breaches to understand how attackers can exploit these weaknesses. Additionally, participants will switch roles to become defenders, learning to identify and fix these vulnerabilities by diving deep into the code. The course utilizes WebGoat, an OWASP project, as a practical tool to teach penetration testing and secure coding practices. WebGoat is intentionally designed with flaws, providing a hands-on experience in both exploiting and patching security issues. Learners will also discover valuable online resources and strategies for contributing to the broader Application Security community. Spanning a total duration of 24 hours, this professional-level course is available through the Starter subscription on Coursera. It is ideal for IT professionals, software developers, and security enthusiasts looking to deepen their understanding of Java application security and enhance their skills in both offensive and defensive security measures.

Joubin Jabbari
Instructor

Joubin Jabbari