CourseFlix

Web security: Injection Attacks with Java & Spring Boot

8h 44m 36s
English
Paid

Are you a Java web developer and want to write secure code? Do you want to learn Ethical hacking and Web application security?  With this hands-on injection attacks course you will start learning web security using one of the top vulnerabilities of OWASP Top 10 list. Injection attack is still listed in top 3 attacks in the OWASP Top 10 and it is important to prevent against injection attacks to develop secure web applications.

As part of the blue and red security teams,I have a practical knowledge and I am here to help you learn the injection vulnerability in detail.

In this course, you will focus on different type of injection attacks;

  • SQL Injection

  • NoSQL injection

  • LDAP injection

  • LOG injection

  • CSV injection

Ethical hacking and Web application security are the two important subjects of Cyber Security field and having practical knowledge about Injections will enable you to better understand the security concepts and make a quick start.

In this course you will follow defense-in-depth principle and apply multiple solutions to each vulnerability to secure the web application in multiple layers.

You will follow a hands-on approach. You will not only learn how to exploit an application using different kind of injection attacks, but also develop the vulnerable applications from scratch in which you will have a common web login module with Thymeleaf and Bootstrap for a basic front-end, with Spring security form login authentication & authorisation, and with separate applications for SQL, NoSQL and LDAP injections.

The applications will be developed using Java, Spring boot and Spring Data along with the most used data sources, such as PostgreSQL for SQL Injection, MongoDB for NoSQL injection and OpenLDAP for LDAP injection.

In each section there will be;

  • Development of the vulnerable web application using Java, Spring boot and Spring security

  • Hacking of the application with various attack payloads and with Ethical hacking examples

  • Protection steps and the implementations to prevent injection attacks

At the end of the course you will understand the different type of injection vulnerabilities, perform injection attacks against the vulnerable web applications you have developed, and learn how to protect your applications against the injection attacks using various techniques such as,

  • Validation and sanitisation using white list approach

  • Parametrised queries with prepared statements

  • Escaping output

  • Using secure trusted libraries

  • Error handling and logging

  • General coding practices

If you want to skip the development and only perform the hacking of applications, you can jump into the injection lectures and download the source code provided in the resources section of that lecture. Be aware that you will still need to install PostgreSQL for SQL Injection, MongoDB for NoSQL injection and OpenLDAP docker container for LDAP injection. You can see how to install and configure these data sources in the beginning lectures of each injection section.

About the Author: Udemy

Udemy thumbnail

Udemy is the largest open marketplace for online courses on the internet. Founded in 2010 by Eren Bali, Oktay Caglar, and Gagan Biyani and headquartered in San Francisco, the company went public on the Nasdaq in 2021 under the ticker UDMY. The platform hosts well over two hundred thousand courses across software development, IT and cloud, data science, design, business, marketing, and creative skills, taught by tens of thousands of independent instructors. Roughly seventy million learners use it worldwide, and the corporate arm — Udemy Business — supplies a curated subset of that catalog to enterprise customers.

Because Udemy is a marketplace rather than a single editorial publisher, the catalog is uneven by design. The strongest material lives in the long-form, project-based courses authored by working engineers — full-stack JavaScript, React, Node.js, Python data science, AWS, Docker and Kubernetes, mobile development with Flutter and React Native, and cloud certification preparation. The CourseFlix listing under this source is the slice of that catalog that has been mirrored here for offline-friendly viewing, organized by topic and updated as new releases land. Pricing on Udemy itself swings dramatically with the site's near-permanent sales, which is why the platform is best treated as a deep reference catalog: pick instructors with strong reviews and a track record of updating their material rather than buying on the headline price alone.

Watch Online 76 lessons

This is a demo lesson (10:00 remaining)

You can watch up to 10 minutes for free. Subscribe to unlock all 76 lessons in this course and access 10,000+ hours of premium content across all courses.

View Pricing
0:00
/
#1: Why to learn Secure coding principles & Web security?
All Course Lessons (76)
#Lesson TitleDurationAccess
1
Why to learn Secure coding principles & Web security? Demo
06:54
2
Structure of the course
04:24
3
Setting up the environment
06:57
4
Adding the base pom.xml with basic maven dependencies
07:38
5
Creating common login module with dependencies, thymeleaf templates & bootstrap
07:27
6
Creating the package structure and adding interfaces
03:28
7
Adding authentication provider and user details to customise form authentication
09:14
8
Adding web security configuration for Spring security form login authentication
07:35
9
Adding API endpoints
06:01
10
Adding Custom Error Controller
11:16
11
Introduction to Injections
02:24
12
Explaining SQL injection
01:53
13
Creating SQL Injection application with dependencies and configuration
08:50
14
Adding PostgreSQL init files, packages and validator implementation
07:54
15
Implementing Spring Data JPA entities
03:18
16
Adding Spring Data JPA repository interfaces
03:23
17
Implementing Spring Data JPA repository
08:40
18
Adding SQL injection user detail service implementation
06:41
19
Implementing user service interface
03:27
20
Hacking SQL Injection application using login form with Http Post - Part 1
07:24
21
Hacking SQL Injection application using login form with Http Post - Part 2
06:36
22
Hacking SQL Injection application with Http Get - Part 1
08:51
23
Hacking SQL Injection application with Http Get - Part 2
06:20
24
Hacking SQL Injection application with Http Get - Part 3 - Using Burp Suite
12:20
25
Extending Http Get vulnerability to read system files - Part 1
07:48
26
Extending Http Get vulnerability to read system files - Part 2
08:01
27
Preventing Sql injection: Validation and Sanitisation
11:41
28
Preventing Sql injection: Using Prepared statements
10:20
29
Preventing Sql injection: Summary
07:43
30
A final attack using a vulnerable SQL function
04:09
31
Explaining NoSQL injection
02:08
32
Adding NoSQL injection module with dependencies using MongoDB
08:41
33
Adding configuration and init data file
07:55
34
Adding packages and validator implementation
04:35
35
Implementing mongoDB configuration
08:09
36
Adding repository interfaces
08:07
37
Implementing repository and adding service layer classes
08:54
38
Hacking NoSQL injection application: Using login form
10:10
39
Hacking NoSQL injection: Using user info endpoint with Regex
06:01
40
Preventing NoSQL injection: Validation and sanitisation
07:16
41
Preventing NoSQL injection: Using criteria Api
08:33
42
Preventing NoSQL injection: Using JPA repository
04:48
43
Explaining LDAP injection
02:04
44
Adding LDAP injection module with LDAP schema file
07:54
45
Adding dependencies,configuration and startup file to initialisatize LDAP schema
09:41
46
Creating packages and adding Spring boot starter class to initialise LDAP data
06:29
47
Creating entity and validation implementations, and repository interfaces
05:16
48
Adding LDAP helper class for LDAP operations
11:56
49
Completing the user repository implementation
05:16
50
Completing the user role repository and service implementation
06:44
51
Hacking LDAP injection - Part 1
06:21
52
Hacking LDAP injection - Part 2
05:52
53
Preventing LDAP injection: Validation and sanitisation
04:19
54
Preventing LDAP injection: Using secure libraries
11:36
55
Explaining LOG injection
03:46
56
Adding a new endpoint to use in LOG injection attacks
05:51
57
Adding log data endpoint and thymeleaf template to view logs by admin user
07:30
58
Adding Logback configuration
06:02
59
Creating the attacker application
04:06
60
Hacking LOG injection with Line Feed
05:05
61
Hacking LOG injection with Carriage Return
08:44
62
Hacking LOG injection: XSS attack - Part 1
06:50
63
Hacking LOG injection: XSS attack - Part 2
05:34
64
Preventing LOG injection: Validation and using trusted libraries protections
08:03
65
Preventing LOG injection: XSS attacks
06:27
66
Explaining CSV injection
02:00
67
Adding new interfaces
04:45
68
Adding user detail Api methods for CSV injection
08:18
69
Adding export user details Api method for CSV injection
05:54
70
Adding data access implementation classes
04:20
71
Implementing user detail service
09:42
72
Implementing excel generator service
11:49
73
A new endpoint on attacker web site
01:31
74
Hacking CSV injection using excel formula
10:11
75
Preventing CSV injection - Part 1
09:35
76
Preventing CSV injection - Part 2
11:11
Unlock unlimited learning

Get instant access to all 75 lessons in this course, plus thousands of other premium courses. One subscription, unlimited knowledge.

Learn more about subscription

Course content

76 lessons · 8h 44m 36s
Show all 76 lessons
  1. 1 Why to learn Secure coding principles & Web security? 06:54
  2. 2 Structure of the course 04:24
  3. 3 Setting up the environment 06:57
  4. 4 Adding the base pom.xml with basic maven dependencies 07:38
  5. 5 Creating common login module with dependencies, thymeleaf templates & bootstrap 07:27
  6. 6 Creating the package structure and adding interfaces 03:28
  7. 7 Adding authentication provider and user details to customise form authentication 09:14
  8. 8 Adding web security configuration for Spring security form login authentication 07:35
  9. 9 Adding API endpoints 06:01
  10. 10 Adding Custom Error Controller 11:16
  11. 11 Introduction to Injections 02:24
  12. 12 Explaining SQL injection 01:53
  13. 13 Creating SQL Injection application with dependencies and configuration 08:50
  14. 14 Adding PostgreSQL init files, packages and validator implementation 07:54
  15. 15 Implementing Spring Data JPA entities 03:18
  16. 16 Adding Spring Data JPA repository interfaces 03:23
  17. 17 Implementing Spring Data JPA repository 08:40
  18. 18 Adding SQL injection user detail service implementation 06:41
  19. 19 Implementing user service interface 03:27
  20. 20 Hacking SQL Injection application using login form with Http Post - Part 1 07:24
  21. 21 Hacking SQL Injection application using login form with Http Post - Part 2 06:36
  22. 22 Hacking SQL Injection application with Http Get - Part 1 08:51
  23. 23 Hacking SQL Injection application with Http Get - Part 2 06:20
  24. 24 Hacking SQL Injection application with Http Get - Part 3 - Using Burp Suite 12:20
  25. 25 Extending Http Get vulnerability to read system files - Part 1 07:48
  26. 26 Extending Http Get vulnerability to read system files - Part 2 08:01
  27. 27 Preventing Sql injection: Validation and Sanitisation 11:41
  28. 28 Preventing Sql injection: Using Prepared statements 10:20
  29. 29 Preventing Sql injection: Summary 07:43
  30. 30 A final attack using a vulnerable SQL function 04:09
  31. 31 Explaining NoSQL injection 02:08
  32. 32 Adding NoSQL injection module with dependencies using MongoDB 08:41
  33. 33 Adding configuration and init data file 07:55
  34. 34 Adding packages and validator implementation 04:35
  35. 35 Implementing mongoDB configuration 08:09
  36. 36 Adding repository interfaces 08:07
  37. 37 Implementing repository and adding service layer classes 08:54
  38. 38 Hacking NoSQL injection application: Using login form 10:10
  39. 39 Hacking NoSQL injection: Using user info endpoint with Regex 06:01
  40. 40 Preventing NoSQL injection: Validation and sanitisation 07:16
  41. 41 Preventing NoSQL injection: Using criteria Api 08:33
  42. 42 Preventing NoSQL injection: Using JPA repository 04:48
  43. 43 Explaining LDAP injection 02:04
  44. 44 Adding LDAP injection module with LDAP schema file 07:54
  45. 45 Adding dependencies,configuration and startup file to initialisatize LDAP schema 09:41
  46. 46 Creating packages and adding Spring boot starter class to initialise LDAP data 06:29
  47. 47 Creating entity and validation implementations, and repository interfaces 05:16
  48. 48 Adding LDAP helper class for LDAP operations 11:56
  49. 49 Completing the user repository implementation 05:16
  50. 50 Completing the user role repository and service implementation 06:44
  51. 51 Hacking LDAP injection - Part 1 06:21
  52. 52 Hacking LDAP injection - Part 2 05:52
  53. 53 Preventing LDAP injection: Validation and sanitisation 04:19
  54. 54 Preventing LDAP injection: Using secure libraries 11:36
  55. 55 Explaining LOG injection 03:46
  56. 56 Adding a new endpoint to use in LOG injection attacks 05:51
  57. 57 Adding log data endpoint and thymeleaf template to view logs by admin user 07:30
  58. 58 Adding Logback configuration 06:02
  59. 59 Creating the attacker application 04:06
  60. 60 Hacking LOG injection with Line Feed 05:05
  61. 61 Hacking LOG injection with Carriage Return 08:44
  62. 62 Hacking LOG injection: XSS attack - Part 1 06:50
  63. 63 Hacking LOG injection: XSS attack - Part 2 05:34
  64. 64 Preventing LOG injection: Validation and using trusted libraries protections 08:03
  65. 65 Preventing LOG injection: XSS attacks 06:27
  66. 66 Explaining CSV injection 02:00
  67. 67 Adding new interfaces 04:45
  68. 68 Adding user detail Api methods for CSV injection 08:18
  69. 69 Adding export user details Api method for CSV injection 05:54
  70. 70 Adding data access implementation classes 04:20
  71. 71 Implementing user detail service 09:42
  72. 72 Implementing excel generator service 11:49
  73. 73 A new endpoint on attacker web site 01:31
  74. 74 Hacking CSV injection using excel formula 10:11
  75. 75 Preventing CSV injection - Part 1 09:35
  76. 76 Preventing CSV injection - Part 2 11:11

Related courses

Frequently asked questions

What is Web security: Injection Attacks with Java & Spring Boot about?
Are you a Java web developer and want to write secure code? Do you want to learn Ethical hacking and Web application security? With this hands-on injection attacks course you will start learning web security using one of the top…
Who teaches Web security: Injection Attacks with Java & Spring Boot?
Web security: Injection Attacks with Java & Spring Boot is taught by Udemy. You can find more courses by this instructor on the corresponding source page.
How long is Web security: Injection Attacks with Java & Spring Boot?
Web security: Injection Attacks with Java & Spring Boot contains 76 lessons with a total runtime of 8 hours 44 minutes. All lessons are available to watch online at your own pace.
Is Web security: Injection Attacks with Java & Spring Boot free to watch?
Web security: Injection Attacks with Java & Spring Boot is part of CourseFlix's premium catalog. A CourseFlix subscription unlocks the full video player; the course description, table of contents, and preview information are available to everyone.
Where can I watch Web security: Injection Attacks with Java & Spring Boot online?
Web security: Injection Attacks with Java & Spring Boot is available to watch online on CourseFlix at https://courseflix.net/course/web-security-injection-attacks-with-java-spring-boot. The page hosts every lesson with the integrated video player; no download is required.