Four-Project Series
- prerequisites
- intermediate Java 11 • basics of Spark • basics of SQL and JDBC, basics of Postman for API testing • basic debugging
- skills learned
- identifying implementation vulnerabilities • remediating Java code vulnerabilities • testing functionality with Postman
pro $24.99 per month
- access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
- choose one free eBook per month to keep
- exclusive 50% discount on all purchases
lite $19.99 per month
- access to all Manning books, including MEAPs!
team
5, 10 or 20 seats+ for your team - learn more
In this series of liveProjects, you’ll go hands-on to secure a potentially vulnerable API from the most common web-based attacks. You’ll step into the role of a developer for Three Cliffs Travel Adventures looking to ensure that your company’s widely used bus ticket booking API is resistant to code-level vulnerabilities identified by the OWASP Top 10 API Security list. Each project in this series focuses on a new type of attack for you to defend against, so you can build a skill set that’s best for your career.
These projects are designed for learning purposes and are not complete, production-ready applications or solutions.
here's what's included
Project 1 SQL Injection Vulnerabilities
In this liveProject, you’ll patch SQL injection vulnerabilities in your company’s bus ticket API. SQL injection is one of the most common ways of attacking a web application, and your challenges will include investigating this code-level vulnerability and applying a fix in the Java code. You’ll get experience using Postman to test your API’s functionality before and after applying your fix.
This liveProject was implemented by Natan Streppel.
This liveProject was implemented by Natan Streppel.
Project 2 Remote OS Command Injection
In this liveProject, you’ll learn to tackle remote OS command injections—a dangerous vulnerability responsible for many high-profile cyber breaches. This vulnerability exploits times when an application calls an operating system command passing untrusted user-supplied input. You’ll investigate places where your application calls operating system commands, then apply and test a code-level fix.
This liveProject was implemented by Natan Streppel.
This liveProject was implemented by Natan Streppel.
Project 3 Insecure XXE Processing
In this liveProject, you’ll handle XXE processing vulnerabilities in Java code. XXE vulnerabilities are particularly common in Java applications as many XML parsers don’t automatically enable security settings. To handle this vulnerability, you’ll investigate to ensure your XML parsers are correctly set up, and then apply and test a code-level fix to the issue.
This liveProject was implemented by Natan Streppel.
This liveProject was implemented by Natan Streppel.
Project 4 File Upload Vulnerabilities
In this liveProject, you’ll tackle the kind of file upload vulnerabilities that allow attackers to upload huge amounts of junk data, overwrite existing files, or even deploy a virus. It is vitally important to test and validate the file upload capabilities in your API implementations. You’ll investigate the bugs that might be causing these issues, and then apply a code-level fix.
This liveProject was implemented by Natan Streppel.
This liveProject was implemented by Natan Streppel.
book resources
When you start each of the projects in this series, you'll get full access to the following book for 90 days.
choose your plan
pro
monthly
annual
$24.99
$249.99
only $20.83 per month
- access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
- choose another free product every time you renew
- choose twelve free products per year
- exclusive 50% discount on all purchases
-
![]()
Secure APIs from Web Application Attacks project for free
Secure APIs from Web Application Attacks project for free
team
monthly
annual
$49.99
$399.99
only $33.33 per month
- five seats for your team
- access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
- choose another free product every time you renew
- choose twelve free products per year
- exclusive 50% discount on all purchases
-
![]()
Secure APIs from Web Application Attacks project for free
Prerequisites
This series of liveProjects is for Java programmers familiar with basic REST API development. To begin this project you will need to be familiar with the following:
TOOLS
- Intermediate level Java (classes, objects)
- Basics of Spark (GET and POST handlers)
- Basics of SQL and JDBC (how to read SQL and perform queries)
- Basics of Linux and performing commands from the command line
- Java IDEs such as Eclipse or IntelliJ IDEA
- Testing APIs, using Postman
- Gradle
- Docker
- GIT
- Basic Debugging
- Code Reviews
- Code Refactoring
- Unit Testing
features
- Self-paced
- You choose the schedule and decide how much time to invest as you build your project.
- Project roadmap
- Each project is divided into several achievable steps.
- Get Help
- While within the liveProject platform, get help from fellow participants and even more help with paid sessions with our expert mentors.
- Compare with others
- For each step, compare your deliverable to the solutions by the author and other participants.
- book resources
- Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.
