Are you a Java web developer who wants to write secure code? Do you want to learn ethical hacking and web application security? With this hands-on injection attacks course, you will start learning web security using one of the top vulnerabilities in the OWASP Top 10 list. Injection is still listed among the top 3 attacks in the OWASP Top 10, and preventing injection attacks is important for developing secure web applications.
Web security: Injection Attacks with Java & Spring Boot
Web security: Injection Attacks with Java & Spring Boot is a 76-lesson, 8 hours 44 minutes self-paced course by Udemy.
Course facts
- Lessons: 76
- Duration: 8 hours 44 minutes
- Level: All levels
- Language: English
- Updated:
- Instructor: Udemy
- Price: Premium
As part of the blue and red security teams, I have practical knowledge, and I am here to help you learn the injection vulnerability in detail.
In this course, you will focus on different types of injection attacks:
- SQL injection
- NoSQL injection
- LDAP injection
- LOG injection
- CSV injection
Ethical hacking and web application security are two important subjects in the cyber security field, and having practical knowledge of injections will enable you to better understand the security concepts and make a quick start.
In this course you will follow the defense-in-depth principle and apply multiple solutions to each vulnerability to secure the web application in multiple layers.
You will follow a hands-on approach. You will not only learn how to exploit an application using different kinds of injection attacks, but also develop the vulnerable applications from scratch. These will share a common web login module with Thymeleaf and Bootstrap for a basic front-end and Spring Security form login authentication & authorisation, with separate applications for SQL, NoSQL and LDAP injections.
The applications will be developed using Java, Spring Boot and Spring Data along with the most used data sources, such as PostgreSQL for SQL injection, MongoDB for NoSQL injection and OpenLDAP for LDAP injection.
In each section there will be:
- Development of the vulnerable web application using Java, Spring Boot and Spring Security
- Hacking of the application with various attack payloads and with ethical hacking examples
- Protection steps and the implementations to prevent injection attacks

At the end of the course you will understand the different types of injection vulnerabilities, perform injection attacks against the vulnerable web applications you have developed, and learn how to protect your applications against injection attacks using various techniques such as:
- Validation and sanitisation using a white list approach
- Parametrised queries with prepared statements
- Escaping output
- Using secure trusted libraries
- Error handling and logging
- General coding practices
If you want to skip the development and only perform the hacking of applications, you can jump into the injection lectures and download the source code provided in the resources section of that lecture. Be aware that you will still need to install PostgreSQL for SQL injection, MongoDB for NoSQL injection and the OpenLDAP Docker container for LDAP injection. You can see how to install and configure these data sources in the beginning lectures of each injection section.
Who teaches Web security: Injection Attacks with Java & Spring Boot? Udemy
Udemy is the largest open marketplace for online courses on the internet. Founded in 2010 by Eren Bali, Oktay Caglar, and Gagan Biyani and headquartered in San Francisco, the company went public on the Nasdaq in 2021 under the ticker UDMY. The platform hosts well over two hundred thousand courses across software development, IT and cloud, data science, design, business, marketing, and creative skills, taught by tens of thousands of independent instructors. Roughly seventy million learners use it worldwide, and the corporate arm — Udemy Business — supplies a curated subset of that catalog to enterprise customers.
Because Udemy is a marketplace rather than a single editorial publisher, the catalog is uneven by design. The strongest material lives in the long-form, project-based courses authored by working engineers — full-stack JavaScript, React, Node.js, Python data science, AWS, Docker and Kubernetes, mobile development with Flutter and React Native, and cloud certification preparation. The CourseFlix listing under this source is the slice of that catalog that has been mirrored here for offline-friendly viewing, organized by topic and updated as new releases land. Pricing on Udemy itself swings dramatically with the site's near-permanent sales, which is why the platform is best treated as a deep reference catalog: pick instructors with strong reviews and a track record of updating their material rather than buying on the headline price alone.
What lessons are included in Web security: Injection Attacks with Java & Spring Boot?
| # | Lesson Title | Duration | Access |
|---|---|---|---|
| 1 | Why to learn Secure coding principles & Web security? Demo | 06:54 | |
| 2 | Structure of the course | 04:24 | |
| 3 | Setting up the environment | 06:57 | |
| 4 | Adding the base pom.xml with basic maven dependencies | 07:38 | |
| 5 | Creating common login module with dependencies, thymeleaf templates & bootstrap | 07:27 | |
| 6 | Creating the package structure and adding interfaces | 03:28 | |
| 7 | Adding authentication provider and user details to customise form authentication | 09:14 | |
| 8 | Adding web security configuration for Spring security form login authentication | 07:35 | |
| 9 | Adding API endpoints | 06:01 | |
| 10 | Adding Custom Error Controller | 11:16 | |
| 11 | Introduction to Injections | 02:24 | |
| 12 | Explaining SQL injection | 01:53 | |
| 13 | Creating SQL Injection application with dependencies and configuration | 08:50 | |
| 14 | Adding PostgreSQL init files, packages and validator implementation | 07:54 | |
| 15 | Implementing Spring Data JPA entities | 03:18 | |
| 16 | Adding Spring Data JPA repository interfaces | 03:23 | |
| 17 | Implementing Spring Data JPA repository | 08:40 | |
| 18 | Adding SQL injection user detail service implementation | 06:41 | |
| 19 | Implementing user service interface | 03:27 | |
| 20 | Hacking SQL Injection application using login form with Http Post - Part 1 | 07:24 | |
| 21 | Hacking SQL Injection application using login form with Http Post - Part 2 | 06:36 | |
| 22 | Hacking SQL Injection application with Http Get - Part 1 | 08:51 | |
| 23 | Hacking SQL Injection application with Http Get - Part 2 | 06:20 | |
| 24 | Hacking SQL Injection application with Http Get - Part 3 - Using Burp Suite | 12:20 | |
| 25 | Extending Http Get vulnerability to read system files - Part 1 | 07:48 | |
| 26 | Extending Http Get vulnerability to read system files - Part 2 | 08:01 | |
| 27 | Preventing SQL injection: Validation and Sanitisation | 11:41 | |
| 28 | Preventing SQL injection: Using Prepared statements | 10:20 | |
| 29 | Preventing SQL injection: Summary | 07:43 | |
| 30 | A final attack using a vulnerable SQL function | 04:09 | |
| 31 | Explaining NoSQL injection | 02:08 | |
| 32 | Adding NoSQL injection module with dependencies using MongoDB | 08:41 | |
| 33 | Adding configuration and init data file | 07:55 | |
| 34 | Adding packages and validator implementation | 04:35 | |
| 35 | Implementing MongoDB configuration | 08:09 | |
| 36 | Adding repository interfaces | 08:07 | |
| 37 | Implementing repository and adding service layer classes | 08:54 | |
| 38 | Hacking NoSQL injection application: Using login form | 10:10 | |
| 39 | Hacking NoSQL injection: Using user info endpoint with Regex | 06:01 | |
| 40 | Preventing NoSQL injection: Validation and sanitisation | 07:16 | |
| 41 | Preventing NoSQL injection: Using criteria Api | 08:33 | |
| 42 | Preventing NoSQL injection: Using JPA repository | 04:48 | |
| 43 | Explaining LDAP injection | 02:04 | |
| 44 | Adding LDAP injection module with LDAP schema file | 07:54 | |
| 45 | Adding dependencies, configuration and startup file to initialise LDAP schema | 09:41 | |
| 46 | Creating packages and adding Spring boot starter class to initialise LDAP data | 06:29 | |
| 47 | Creating entity and validation implementations, and repository interfaces | 05:16 | |
| 48 | Adding LDAP helper class for LDAP operations | 11:56 | |
| 49 | Completing the user repository implementation | 05:16 | |
| 50 | Completing the user role repository and service implementation | 06:44 | |
| 51 | Hacking LDAP injection - Part 1 | 06:21 | |
| 52 | Hacking LDAP injection - Part 2 | 05:52 | |
| 53 | Preventing LDAP injection: Validation and sanitisation | 04:19 | |
| 54 | Preventing LDAP injection: Using secure libraries | 11:36 | |
| 55 | Explaining LOG injection | 03:46 | |
| 56 | Adding a new endpoint to use in LOG injection attacks | 05:51 | |
| 57 | Adding log data endpoint and thymeleaf template to view logs by admin user | 07:30 | |
| 58 | Adding Logback configuration | 06:02 | |
| 59 | Creating the attacker application | 04:06 | |
| 60 | Hacking LOG injection with Line Feed | 05:05 | |
| 61 | Hacking LOG injection with Carriage Return | 08:44 | |
| 62 | Hacking LOG injection: XSS attack - Part 1 | 06:50 | |
| 63 | Hacking LOG injection: XSS attack - Part 2 | 05:34 | |
| 64 | Preventing LOG injection: Validation and using trusted libraries protections | 08:03 | |
| 65 | Preventing LOG injection: XSS attacks | 06:27 | |
| 66 | Explaining CSV injection | 02:00 | |
| 67 | Adding new interfaces | 04:45 | |
| 68 | Adding user detail Api methods for CSV injection | 08:18 | |
| 69 | Adding export user details Api method for CSV injection | 05:54 | |
| 70 | Adding data access implementation classes | 04:20 | |
| 71 | Implementing user detail service | 09:42 | |
| 72 | Implementing excel generator service | 11:49 | |
| 73 | A new endpoint on attacker web site | 01:31 | |
| 74 | Hacking CSV injection using excel formula | 10:11 | |
| 75 | Preventing CSV injection - Part 1 | 09:35 | |
| 76 | Preventing CSV injection - Part 2 | 11:11 |