In this series of liveProjects, you’ll go hands-on to secure a potentially vulnerable API from the most common web-based attacks. You’ll step into the role of a developer for Three Cliffs Travel Adventures looking to ensure that your company’s widely used bus ticket booking API is resistant to code-level vulnerabilities identified by the OWASP Top 10 API Security list. Each project in this series focuses on a new type of attack for you to defend against, so you can build a skill set that’s best for your career.
These projects are designed for learning purposes and are not complete, production-ready applications or solutions.
Here's what's included
Project 1 SQL Injection Vulnerabilities
In this liveProject, you’ll patch SQL injection vulnerabilities in your company’s bus ticket API. SQL injection is one of the most common ways of attacking a web application, and your challenges will include investigating this code-level vulnerability and applying a fix in the Java code. You’ll get experience using Postman to test your API’s functionality before and after applying your fix.
This liveProject was implemented by Natan Streppel.
Project 2 Remote OS Command Injection
In this liveProject, you’ll learn to tackle remote OS command injections—a dangerous vulnerability responsible for many high-profile cyber breaches. This vulnerability arises when an application invokes an operating system command with untrusted, user-supplied input. You’ll investigate the places where your application calls operating system commands, then apply and test a code-level fix.
This liveProject was implemented by Natan Streppel.
Project 3 Insecure XXE Processing
In this liveProject, you’ll handle XXE (XML External Entity) processing vulnerabilities in Java code. XXE vulnerabilities are particularly common in Java applications because many XML parsers don’t enable their security settings by default. To handle this vulnerability, you’ll investigate your application to ensure its XML parsers are correctly configured, and then apply and test a code-level fix for the issue.
This liveProject was implemented by Natan Streppel.
Project 4 File Upload Vulnerabilities
In this liveProject, you’ll tackle the kind of file upload vulnerabilities that allow attackers to upload huge amounts of junk data, overwrite existing files, or even deploy a virus. It is vitally important to test and validate the file upload capabilities in your API implementations. You’ll investigate the bugs that might be causing these issues, and then apply and test a code-level fix.
This liveProject was implemented by Natan Streppel.