University of California, Davis - Exploiting and Securing Vulnerabilities in Java Applications
- Offered by Coursera
Exploiting and Securing Vulnerabilities in Java Applications at Coursera Overview
Duration | 23 hours |
Start from | Start Now |
Total fee | Free |
Mode of learning | Online |
Difficulty level | Intermediate |
Official Website | Explore Free Course |
Credential | Certificate |
Exploiting and Securing Vulnerabilities in Java Applications at Coursera Highlights
- Shareable Certificate: Earn a Certificate upon completion
- 100% online: Start instantly and learn at your own schedule.
- Course 4 of 4 in the Secure Coding Practices Specialization
- Flexible deadlines: Reset deadlines in accordance with your schedule.
- Intermediate Level
- Approx. 23 hours to complete
- English Subtitles: French, Portuguese (European), Russian, English, Spanish
Exploiting and Securing Vulnerabilities in Java Applications at Coursera Course details
- In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a user's browser, break authentication to gain access to data and functionality reserved for the "Admins", and even exploit vulnerable components to run our code on a remote server and access some secrets. We will also wear Defender Hats. We will dive deep into the code to fix the root cause of these issues and discuss various mitigation strategies. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws, and we take aim at fixing some of these issues. Finally, we fix these issues in WebGoat and build our patched binaries. Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.
Exploiting and Securing Vulnerabilities in Java Applications at Coursera Curriculum
Setup and Introduction to Cross Site Scripting Attacks
Course Introduction
Overview of Resources and Tools for This Course
Setup and Introduction to Cross-site Scripting
Tips and Tricks to Use Git for Course and Project
How to Import WebGoat into IDE
How to Run WebGoat in a Docker Container
Injection Attacks: What They Are and How They Affect Us
Cross-site Scripting (XSS), Part 1
Protecting Against Cross-site Scripting (XSS), Part 2
Patching Reflected Cross-site Scripting (XSS), Part 3
Stored Cross-site Scripting (XSS)
Dangers of Cross-site Scripting (XSS) Attacks
A Note About Finding Lessons on WebGoat
Introduction to Labs (Peer Reviewed)
A Note From UC Davis
OWASP Cross Site Scripting Prevention Cheat Sheet
Note About Peer Review Assignments
Module 1 Quiz
Injection Attacks
Injection Attacks
Tutorial: Using a Proxy to Intercept Traffic from Client to Servers
SQL Syntax and Basics: Putting On the Attacker Hat
Solution to SQL Injection Attacks (SQLi)
SQL Injection Attacks: Evaluation of Code
XML External Entity (XXE) Attacks
Demo of an XML External Entity (XXE) Attack to Gain Remote Code Execution (RCE)
Evaluation of Code - XXE through a REST Framework
Solution: Evaluation of Code - XXE through a REST Framework
Patching the XXE Vulnerability
OWASP SQL Injection Prevention Cheat Sheet
OWASP XML External Entity Prevention Cheat Sheet
Module 2 Quiz
Authentication and Authorization
Authentication and Authorization
Introduction to Authentication Flaws in WebGoat
Authentication Bypass Exploit
Tips and Tricks for Burp Suite: Use Proxy to Intercept Traffic
Solution to Authentication Bypass: Evaluation of Code
Finding Vulnerabilities and Logical Flaws in Source Code
Introduction to JSON Web Tokens (JWT) and Authentication Bypass
Authentication Flaw JSON Web Tokens (JWT)
Solution Demo: Exploiting JSON Web Tokens (JWT)
Evaluating Code to Find the JSON Web Tokens (JWT) Flaw
Hint Video: (JWT) Patching the Vulnerable Code in WebGoat
Solution to Patch JWT Flaw
OWASP Transaction Authorization Cheat Sheet
A Beginner's Guide to JWTs in Java
Module 3 Quiz
Dangers of Vulnerable Components and Final Project
Dangers of Vulnerable Components Introduction
Vulnerable Components (XStream Library)
Solution: Fixing Vulnerabilities with XStream
Introduction to Labs (Peer Reviewed)
Course Summary
Article: How Hackers Broke Equifax: Exploiting a Patchable Vulnerabil
Article: Exploiting OGNL Injection in Apache Struts
Note About Peer Review Assignments
Module 4 Practice Quiz