Exploiting and Securing Vulnerabilities in Java Applications
- Setup and Introduction to Cross Site Scripting Attacks
- In this module, you will be able to use Git and GitHub to pull needed source code. You will be able to run WebGoat in a Docker container and explain reasons for doing so. You'll be able to describe cross-site scripting attacks and explain how these attacks happen and how to guard against them. You'll be able to differentiate between a DOM-based, Reflected, and Stored cross-site scripting attacks. You will be able to practice protecting against various kinds of cross-site scripting attacks.
- Injection Attacks
- In this module, you will be able to exploit a SQL injection vulnerability and form plans to mitigate injection vulnerabilities in your web application. You will be able to discuss various approaches to finding and fixing XML, Entity and SQL attack vulnerabilities. You'll be able to describe and protect against a "man-in-the-middle" attack and describe the the thought process to find SQL injection vulnerabilities by "putting on the attacker's hat". You will be able to demonstrate how to properly modify queries to get them into prepared statements and analyze code while using an XML viewer and text editor to find vulnerabilities. You'll also be able to navigate a large code base to find critical segments of code and patch vulnerabilities.
- Authentication and Authorization
- In this module, you will be able to evaluate authentication flaws of various kinds to identify potential problems and create strategies and controls to provide secure authentication. You'll be able to create and/or implement controls to mitigate authentication bypass and draw lessons from notable instances where others failed to authenticate users. You will be able to properly implement authentication methods like JSON Web Tokens (JWT). You will be able to find vulnerabilities in a large code base and provide a solution for demonstrating and exploiting JSON Web Tokens (JWT).
- Dangers of Vulnerable Components and Final Project
- In this module, you will be able to use the OWASP Dependency Checker while analyzing code and verify that you have vulnerable components in the code. You will be able to examine code to find and patch vulnerable components. You will be able to apply what you learned from previous module activities to finalize your final project.