click to
look inside
Look inside
Secure APIs

SQL Injection Vulnerabilities you own this product

This free project is part of the liveProject series Secure APIs from Web Application Attacks
prerequisites
intermediate Java • Postman for API testing • basic debugging
skills learned
identifying implementation vulnerabilities • remediating Java code vulnerabilities • testing functionality with Postman
Sashank Dara
1 week · 6-8 hours per week · BEGINNER
filed under

placing your order...

Don't refresh or navigate away from the page.
This free project is part of the liveProject series Secure APIs from Web Application Attacks explore series
Check your email for instructions on accessing SQL Injection Vulnerabilities (liveProject)
continue shopping
go to cart

Look inside
In this liveProject, you’ll patch SQL injection vulnerabilities in your company’s bus ticket API. SQL injection is one of the most common ways of attacking a web application, and your challenges will include investigating this code-level vulnerability and applying a fix in the Java code. You’ll get experience using Postman to test your API’s functionality before and after applying your fix.

This liveProject was implemented by Natan Streppel.

project author

Sashank Dara
Sashank Dara, PhD, is a seasoned cybersecurity technologist and expert. He has over 17 years of extensive experience in cybersecurity R&D. He got his PhD in cybersecurity from IIIT-Bangalore in the area of applied cryptography and threat intelligence. He is co-inventor of five U.S. patents (and 3 IETF drafts) in the areas of cloud, SDN, and NFV security. He is a trusted information security consultant and adviser for top companies in EdTech, IT/ITes, academia, and real estate. Dara has published more than a dozen research papers at IEEE, LNCS conferences in the areas of cloud security, privacy, cryptography, and threat intelligence. He is a prolific speaker at security conferences and invited talks. He was a consultant advisor with Manipal Global Education Services for its cybersecurity programs. He was security technology and strategy advisor for security startups including Appknox, Haltdos, and SecurityJourney.com. Dara is currently the CTO and co-founder of Seconize, an award-winning cybersecurity startup pioneering a cyber risk and compliance management SaaS product suite.

prerequisites

he liveProject is for Java programmers familiar with basic REST API development. To begin this project you will need to be familiar with:

TOOLS
  • Intermediate level Java (classes, objects)
  • Basics of Spark (GET and POST handlers)
  • Basics of SQL and JDBC (how to read SQL and perform queries)
  • Basics of Linux and performing commands from the command line
  • Java IDEs such as Eclipse or IntelliJ IDEA
  • Testing APIs, using Postman
  • Gradle
  • Docker
  • GIT
TECHNIQUES
  • Basic Debugging
  • Code Reviews
  • Code Refactoring
  • Unit Testing

you will learn

In this series of liveProjects, you’ll learn how to spot common code-level vulnerabilities, along with fixes and verification methods.

  • Setting up the environment to run a reference API implementation using Java Spring
  • Testing the functionality of a reference API implementation using Postman
  • Identifying the implementation vulnerabilities
  • Fixing Java code to remediate vulnerabilities
  • Retesting code for functionality using Postman

features

Self-paced
You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
RECENTLY VIEWED