Secure APIs

File Upload Vulnerabilities you own this product

This project is part of the liveProject series Secure APIs from Web Application Attacks

prerequisites: intermediate Java • basics of Spark • basic debugging
skills learned: identifying implementation vulnerabilities • remediating Java code vulnerabilities • testing functionality with Postman

Sashank Dara

1 week · 6-8 hours per week · BEGINNER

filed under

Development

explore online for free with your subscription

explore NOW view purchase options

placing your order...

Don't refresh or navigate away from the page.

liveProject

$19.99

liveProject This project is part of the liveProject series Secure APIs from Web Application Attacks liveProjects give you the opportunity to learn new skills by completing real-world challenges in your local development environment. Solve practical problems, write working code, and analyze real data—with liveProject, you learn by doing. These self-paced projects also come with full liveBook access to select books for 90 days plus permanent access to other select Manning products. $19.99 $29.99 you save $10 (33%)

get all Manning content with a subscription

File Upload Vulnerabilities (liveProject) added to cart

continue shopping adding to cart

continue shopping

adding to cart

choose your plan

pro

monthly

annual

$24.99

$249.99
only $20.83 per month

share your subscription with one other person
access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose another free eBook every time you renew
choose twelve free eBooks per year
exclusive 50% discount on all purchases
File Upload Vulnerabilities eBook for free

team

monthly

annual

$49.99

$499.99
only $41.67 per month

five seats for your team
access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose another free eBook every time you renew
choose twelve free eBooks per year
exclusive 50% discount on all purchases
File Upload Vulnerabilities eBook for free

Look inside

In this liveProject, you’ll tackle the kind of file upload vulnerabilities that allow attackers to upload huge amounts of junk data, overwrite existing files, or even deploy a virus. It is vitally important to test and validate the file upload capabilities in your API implementations. You’ll investigate the bugs that might be causing these issues, and then apply a code-level fix.

This liveProject was implemented by Natan Streppel.

This project is designed for learning purposes and is not a complete, production-ready application or solution.

book resources

When you start your liveProject, you get full access to the following books for 90 days.

project author

Sashank Dara

Sashank Dara received his PhD in cybersecurity from IIIT-Bangalore in the area of applied cryptography and threat intelligence. He’s an expert cybersecurity technologist with more than 17 years of experience in the field, including as a consultant advisor for Manipal Global Education Services’ cybersecurity programs and as a security technology and strategy advisor for security startups including Appknox, Haltdos, and SecurityJourney.com. He remains a trusted information security consultant and advisor for top companies in EdTech, IT/ITes, academia, and real estate. He’s the co-inventor of 5 U.S. patents (and 3 IETF drafts) in the areas of cloud, SDN, and NFV security, and he’s published more than a dozen research papers at IEEE, LNCS conferences in the areas of cloud security, privacy, cryptography, and threat intelligence. A prolific speaker at security conferences and invited talks, Dara is currently the CTO and co-founder of Seconize, an award-winning cybersecurity startup pioneering a cyber risk and compliance management SaaS product suite.

prerequisites

The liveProject is for Java programmers familiar with basic REST API development. To begin this project you will need to be familiar with:

TOOLS

Intermediate level Java (classes, objects)
Basics of Spark (GET and POST handlers)
Basics of SQL and JDBC (how to read SQL and perform queries)
Basics of Linux and performing commands from the command line
Java IDEs such as Eclipse or IntelliJ IDEA
Testing APIs, using Postman
Gradle
Docker
GIT

TECHNIQUES

Basic Debugging
Code Reviews
Code Refactoring
Unit Testing

you will learn

In this series of liveProjects, you’ll learn about common code-level vulnerabilities, along with fixes and verification methods.

Setting up the environment to run a reference API implementation using Java Spring
Testing the functionality of a reference API implementation using Postman
Identifying implementation vulnerabilities
Fixing Java code to remediate vulnerabilities
Retesting code for functionality using Postman

features

Self-paced: You choose the schedule and decide how much time to invest as you build your project.
Project roadmap: Each project is divided into several achievable steps.
Get Help: While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others: For each step, compare your deliverable to the solutions by the author and other participants.
book resources: Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.