In this liveProject, you’ll learn to tackle remote OS command injections—a dangerous vulnerability responsible for many high-profile cyber breaches. This vulnerability arises when an application passes untrusted, user-supplied input into an operating system command. You’ll investigate the places where your application calls operating system commands, then apply and test a code-level fix.
This liveProject was implemented by Natan Streppel.
This project is designed for learning purposes and is not a complete, production-ready application or solution.
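An added example (not code from the liveProject itself) of the kind of fix the project covers: a Spark GET handler that pings a user-supplied host, shown first with the untrusted value concatenated into a shell command and then hardened with allowlist validation and a shell-free ProcessBuilder call. The /ping route, the host query parameter and the PingRoutes class are assumptions.

```java
import static spark.Spark.get;
import static spark.Spark.halt;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.regex.Pattern;

public class PingRoutes {
    // Hostnames only: labels of letters, digits and hyphens, joined by dots.
    // Requiring a leading letter or digit also rejects values that start with "-",
    // which the invoked command could otherwise parse as an option.
    private static final Pattern HOSTNAME = Pattern.compile(
        "^[A-Za-z0-9]([A-Za-z0-9-]{0,62}[A-Za-z0-9])?(\\.[A-Za-z0-9]([A-Za-z0-9-]{0,62}[A-Za-z0-9])?)*$");

    // BEFORE: the user-controlled "host" value is concatenated into a shell command
    // line, so any shell metacharacters it contains become part of the command.
    static String vulnerablePing(String host) throws IOException {
        Process p = Runtime.getRuntime().exec(new String[] {"sh", "-c", "ping -c 1 " + host});
        return new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
    }

    // AFTER: validate against a strict allowlist, then run the binary directly with a
    // fixed argument vector. No shell is involved, so nothing interprets metacharacters,
    // and the allowlist keeps the value from being read as an option by ping itself.
    static String safePing(String host) throws IOException, InterruptedException {
        if (host == null || !HOSTNAME.matcher(host).matches()) {
            throw new IllegalArgumentException("invalid hostname");
        }
        Process p = new ProcessBuilder(List.of("ping", "-c", "1", host))
            .redirectErrorStream(true)
            .start();
        String out = new String(p.getInputStream().readAllBytes(), StandardCharsets.UTF_8);
        p.waitFor();
        return out;
    }

    public static void main(String[] args) {
        // Hypothetical route: GET /ping?host=example.com
        get("/ping", (req, res) -> {
            try {
                return safePing(req.queryParams("host"));
            } catch (IllegalArgumentException e) {
                halt(400, e.getMessage()); // reject rather than sanitize
                return null;
            }
        });
    }
}
```

The hardened version can be retested the same way the project suggests: a Postman request with a valid hostname returns ping output, while one carrying shell metacharacters or a leading hyphen gets a 400 instead of reaching the command.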
The liveProject is for Java programmers familiar with basic REST API development. To begin this project you will need to be familiar with:
- Intermediate level Java (classes, objects)
- Basics of Spark (GET and POST handlers)
- Basics of SQL and JDBC (how to read SQL and perform queries)
- Basics of Linux and performing commands from the command line
- Java IDEs such as Eclipse or IntelliJ IDEA
- Testing APIs, using Postman
- Basic Debugging
- Code Reviews
- Code Refactoring
- Unit Testing
You will learn
In this series of liveProjects, you’ll learn how to spot common code-level vulnerabilities, along with fixes and verification methods.
- Setting up the environment to run a reference API implementation using Java Spring
- Testing the functionality of a reference API implementation using Postman
- Identifying implementation vulnerabilities
- Fixing Java code to remediate vulnerabilities
- Retesting code for functionality using Postman