In this liveProject, you’ll handle XML External Entity (XXE) processing vulnerabilities in Java code. XXE vulnerabilities are particularly common in Java applications because many XML parsers do not enable their security settings by default. To remediate the vulnerability, you’ll first verify that your XML parsers are configured securely, then apply and test a code-level fix.
This liveProject was implemented by Natan Streppel.
This project is designed for learning purposes and is not a complete, production-ready application or solution.
The liveProject is for Java programmers familiar with basic REST API development. To begin this project you will need to be familiar with:
- Intermediate-level Java (classes, objects)
- Basics of Spark (GET and POST handlers)
- Basics of SQL and JDBC (how to read SQL and perform queries)
- Basics of Linux and performing commands from the command line
- Java IDEs such as Eclipse or IntelliJ IDEA
- Testing APIs, using Postman
- Basic Debugging
- Code Reviews
- Code Refactoring
- Unit Testing
You will learn
In this series of liveProjects, you’ll learn about common code-level vulnerabilities, along with fixes and verification methods.
- Setting up the environment to run a reference API implementation using Java Spring
- Testing the functionality of a reference API implementation using Postman
- Identifying implementation vulnerabilities
- Fixing Java code to remediate vulnerabilities
- Retesting code for functionality using Postman