Exploiting and Securing Vulnerabilities in Java Applications

University of California, Davis

In this course, participants will delve into the world of web application security, exploring the various vulnerabilities and strategies to mitigate them. The course covers a wide range of topics, from cross-site scripting (XSS) attacks and injection vulnerabilities to secure authentication and authorization.

Participants will learn to wear the attacker hat, exploiting various vulnerabilities, and then switch to the defender hat, diving deep into code to fix root causes and discuss mitigation strategies. The course also provides insights into finding and patching vulnerable components, and offers a hands-on approach to learning through the deliberately vulnerable application, WebGoat.

With a focus on Java applications, this course equips participants with the knowledge and tools to protect against and address security threats, making it a valuable resource for developers, security professionals, and anyone interested in application security.

Certificate Available ✔

Course Modules

This course comprises four comprehensive modules, covering topics such as cross-site scripting attacks, injection vulnerabilities, authentication and authorization, and the dangers of vulnerable components. Participants will gain practical skills and knowledge to effectively secure Java applications.

Setup and Introduction to Cross Site Scripting Attacks

Participants will be introduced to cross-site scripting attacks and learn how to set up and import WebGoat into an IDE. They will gain insights into injection attacks, the dangers of XSS attacks, and various mitigation strategies.

Injection Attacks

This module focuses on injection attacks, covering SQL injection, XML external entity attacks, and the use of proxies to intercept traffic. Participants will explore solutions and patches for these vulnerabilities, as well as engage in hands-on activities within the WebGoat environment.

Authentication and Authorization

Authentication and authorization are the key focus of this module, where participants will learn to identify and exploit authentication flaws. The module also covers JSON Web Tokens (JWT) and offers practical demonstrations and solutions for securing authentication processes.

Dangers of Vulnerable Components and Final Project

This module delves into the dangers of vulnerable components, specifically the XStream library. Participants will learn to identify and fix vulnerabilities, and engage in a final project that ties together the concepts covered throughout the course.
