Four-Project Series

Secure APIs from Web Application Attacks you own this product

prerequisites
intermediate Java 11 • basics of Spark • basics of SQL and JDBC, basics of Postman for API testing • basic debugging
skills learned
identifying implementation vulnerabilities • remediating Java code vulnerabilities • testing functionality with Postman
Sashank Dara
4 weeks · 6-8 hours per week average · BEGINNER

pro $24.99 per month

  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose one free eBook per month to keep
  • exclusive 50% discount on all purchases

lite $19.99 per month

  • access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more


In this series of liveProjects, you’ll go hands-on to secure a potentially vulnerable API from the most common web-based attacks. You’ll step into the role of a developer for Three Cliffs Travel Adventures looking to ensure that your company’s widely used bus ticket booking API is resistant to code-level vulnerabilities identified by the OWASP Top 10 API Security list. Each project in this series focuses on a new type of attack for you to defend against, so you can build a skill set that’s best for your career.

These projects are designed for learning purposes and are not complete, production-ready applications or solutions.

here's what's included

Project 1 SQL Injection Vulnerabilities
In this liveProject, you’ll patch SQL injection vulnerabilities in your company’s bus ticket API. SQL injection is one of the most common ways of attacking a web application, and your challenges will include investigating this code-level vulnerability and applying a fix in the Java code. You’ll get experience using Postman to test your API’s functionality before and after applying your fix.

This liveProject was implemented by Natan Streppel.
Project 2 Remote OS Command Injection
In this liveProject, you’ll learn to tackle remote OS command injections—a dangerous vulnerability responsible for many high-profile cyber breaches. This vulnerability exploits times when an application calls an operating system command passing untrusted user-supplied input. You’ll investigate places where your application calls operating system commands, then apply and test a code-level fix.

This liveProject was implemented by Natan Streppel.
Project 3 Insecure XXE Processing
In this liveProject, you’ll handle XXE processing vulnerabilities in Java code. XXE vulnerabilities are particularly common in Java applications as many XML parsers don’t automatically enable security settings. To handle this vulnerability, you’ll investigate to ensure your XML parsers are correctly set up, and then apply and test a code-level fix to the issue.

This liveProject was implemented by Natan Streppel.
Project 4 File Upload Vulnerabilities
In this liveProject, you’ll tackle the kind of file upload vulnerabilities that allow attackers to upload huge amounts of junk data, overwrite existing files, or even deploy a virus. It is vitally important to test and validate the file upload capabilities in your API implementations. You’ll investigate the bugs that might be causing these issues, and then apply a code-level fix.

This liveProject was implemented by Natan Streppel.

book resources

When you start each of the projects in this series, you'll get full access to the following book for 90 days.

choose your plan

team

monthly
annual
$49.99
$399.99
only $33.33 per month
  • five seats for your team
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free product every time you renew
  • choose twelve free products per year
  • exclusive 50% discount on all purchases
  • Secure APIs from Web Application Attacks project for free

project author

Sashank Dara

Sashank Dara received his PhD in cybersecurity from IIIT-Bangalore in the area of applied cryptography and threat intelligence. He’s an expert cybersecurity technologist with more than 17 years of experience in the field, including as a consultant advisor for Manipal Global Education Services’ cybersecurity programs and as a security technology and strategy advisor for security startups including Appknox, Haltdos, and SecurityJourney.com. He remains a trusted information security consultant and advisor for top companies in EdTech, IT/ITes, academia, and real estate. He’s the co-inventor of 5 U.S. patents (and 3 IETF drafts) in the areas of cloud, SDN, and NFV security, and he’s published more than a dozen research papers at IEEE, LNCS conferences in the areas of cloud security, privacy, cryptography, and threat intelligence. A prolific speaker at security conferences and invited talks, Dara is currently the CTO and co-founder of Seconize, an award-winning cybersecurity startup pioneering a cyber risk and compliance management SaaS product suite.

Prerequisites

This series of liveProjects is for Java programmers familiar with basic REST API development. To begin this project you will need to be familiar with the following:


TOOLS
  • Intermediate level Java (classes, objects)
  • Basics of Spark (GET and POST handlers)
  • Basics of SQL and JDBC (how to read SQL and perform queries)
  • Basics of Linux and performing commands from the command line
  • Java IDEs such as Eclipse or IntelliJ IDEA
  • Testing APIs, using Postman
  • Gradle
  • Docker
  • GIT
TECHNIQUES
  • Basic Debugging
  • Code Reviews
  • Code Refactoring
  • Unit Testing

features

Self-paced
You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.