Four-Project Series

Develop Secure Java Applications to Prevent Website Attacks

In this series of liveProjects, you’ll repair serious security vulnerabilities uncovered in the Java backend of a web app: its server code, servlets, and JavaServer Pages (JSP). A security team has just finished a penetration test of your company’s web app, and you’ve been handed the list of everything that needs to be fixed—and fast. You’ll be given the complete source code of a sample application to work with. Each project in this series contains several vulnerabilities for you to tackle based on the pentester’s findings.

These projects are designed for learning purposes and are not complete, production-ready applications or solutions.

Here's what's included

Project 1 Scripting Attacks
In this liveProject, you’ll tackle risks caused by unsafe input and output handling in your application. These bugs can make your application vulnerable to reflected and stored attacks such as Cross-Site Scripting (XSS). You’ll identify insecure code and develop fixes to securely handle inputs from untrusted sources, safely manage your encoded data, and avoid unsafe calculations with numeric data types. You will be provided with resource material to identify the problems and will replace the vulnerable Java with secure code to protect against attacks.
Project 2 Injection Attacks
In this liveProject, you’ll fix bugs in your code that are vulnerable to injection attacks. Injection attacks are a serious risk to your application, allowing attackers to steal data, insert their own data, or make your system perform in unexpected ways. You’ll harden your app against the different types of injection attacks such as XML injection, serialized Java objects, JSON deserialization, zip bomb attacks, and many more exciting attacks which require special defenses.
Project 3 Secure Failing Code
In this liveProject, you’ll learn how to defend against attacks that could force a failure in your application or cause it to enter an unstable state. Unexpected behaviors and fail states can allow an attacker to steal information or provide information for a secondary attack. You’ll create catch statements and methods that can securely handle exceptions, design code that can maintain state on failure, and learn to avoid unstable system states altogether.
Project 4 Session Hijacking
In this liveProject, you’ll write secure Java code for handling potentially untrusted data in web applications. You’ll build systems that can protect against data from web app forms; safely handle cookies, headers and redirects; and set up secure authentication mechanisms. Finally, you’ll manage your third-party libraries and identify potential vulnerabilities using Software Composition Analysis (SCA). Insecure third-party libraries can add vulnerabilities to your otherwise secure application and have been used in several recent real-world compromises.

Project author

Philip Kulp
Dr. Philip Kulp has been consulting in cybersecurity for over 20 years, and working in IT for over 25 years. He currently works as a cybersecurity architect and incident responder, developing realistic approaches to securing the enterprise. He also serves as a secure code reviewer, independent assessor, web application tester, and as an adjunct professor at Drexel University. He is an author and conference speaker on various cyber topics such as medical drone delivery, identifying malicious websites based on linking, and more.

Prerequisites

This liveProject is designed to be accessible to Java programmers of all skill levels. To complete all the projects in this series you will need to be familiar with:

TOOLS
  • Experience with either Eclipse IDE or IntelliJ IDEA
TECHNIQUES
  • RegEx for search and replace
  • Basic XML
  • Basic JSON
  • Working with Java servlets

You will learn

In this liveProject, you’ll learn secure coding techniques that you can apply to future code you write or review.

  • Handling text from untrusted sources
  • Safely logging untrusted data
  • Working with encoded data
  • Avoiding unsafe calculations with numeric data types
  • Working with databases
  • Securely working with regular files and compressed archives
  • Regex and other string filtering
  • Securely working with XML content
  • Creating catch statements to securely handle exceptions
  • Designing applications that maintain state on failure
  • Avoiding catching unstable application exceptions
  • Developing software which can recover from an unstable state
  • Securely handling untrusted form data
  • Evaluating uploaded files
  • Safely handling cookies, headers, and redirects
  • Avoiding Cross-Site Request Forgery attacks with form tokens
  • Protecting authentication mechanisms
  • Creating secure Java Web Tokens

Features

Self-paced
You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
Book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products is also included, as well as references to other resources.
includes 4 liveProjects