0

  • No products in the cart.

Attacking and Securing Java / JEE Web Applications (TT8320-J)

ratings 

Attacking and Securing Java Web Applications is a lab-intensive, hands-on Java / JEE security training course that provides a unique coverage of Java application security. In this course, you will begin with penetration testing, hunting for bugs in Java web applications. Then thoroughly examine best practices for defensively coding web applications, covering all the OWASP Top Ten as well as several additional prominent vulnerabilities (such as file uploads, CSRF and direct object references).

PRIVATE
Course Access

Unlimited Duration

Last Updated

March 11, 2021

Students Enrolled

Total Reviews

Posted by

ashar hafeez

Certification

This course begins by developing the skills required to fingerprint a web application and then scan it for vulnerabilities and bugs. In this course you will learn about: 

· Ensure that any hacking and bug hunting is performed in a safe and appropriate manner

· Identify defect/bug reporting mechanisms within their organizations

· Setup and use various tools and techniques to determine a web application’s operational environment

· Setup and use various tools and techniques to enumerate all aspects of a web application

· Setup and use various tools and techniques to scan a web application for vulnerabilities

· Work with specific tools for targeted vulnerabilities

· Avoid common mistakes that are made in bug hunting and vulnerability testing

· Understand the concepts and terminology behind defensive, secure coding including the phases and goals of a typical exploit

· Develop an appreciation for the need and value of a multilayered defense in depth

· Understand potential sources for untrusted data

· Understand the consequences for not properly handling untrusted data such as denial of service, cross-site scripting, and injections

· To test web applications with various attack techniques to determine the existence of and effectiveness of layered defenses

· Prevent and defend the many potential vulnerabilities associated with untrusted data

· Understand the vulnerabilities of associated with authentication and authorization

· Detect, attack, and implement defenses for authentication and authorization functionality and services

· Understand the dangers and mechanisms behind Cross-Site Scripting (XSS) and Injection attacks

· Detect, attack, and implement defenses against XSS and Injection attacks

· Understand the risks associated with XML processing, file uploads, and server-side interpreters and how to best eliminate or mitigate those risks

· Learn the strengths, limitations, and use for tools such as code scanners, dynamic scanners, and web application firewalls (WAFs)

· Understand techniques and measures that can used to harden web and application servers as well as other components in your infrastructure

Course Curriculum

    • Why Hunt Bugs? 00:00:00
    • Safe and Appropriate Bug Hunting/Hacking 00:00:00
    • Scanning Applications Overview 00:00:00
    • Removing Bugs 00:00:00
    • Principles of Information Security 00:00:00
    • Unvalidated Data 00:00:00
    • A1: Injection 00:00:00
    • A2: Broken Authentication 00:00:00
    • A3: Sensitive Data Exposure 00:00:00
    • A4: XML External Entities (XXE) 00:00:00
    • A5: Broken Access Control 00:00:00
    • A6: Security Misconfiguration 00:00:00
    • A7: Cross Site Scripting (XSS) 00:00:00
    • A8/9: Deserialization/Vulnerable Components 00:00:00
    • A10: Insufficient Logging and Monitoring 00:00:00
    • Spoofing, CSRF, and Redirects 00:00:00
    • Moving Forward with Application Security 00:00:00
    • Applications: What Next? 00:00:00
    • Making Application Security Real 00:00:00

    Course Reviews

    Profile Photo
    ashar hafeez
    0
    62

    Students

    About Instructor

    Pak

    Course Events

    [wplms_eventon_events]

    More Courses by Insturctor

    © 2021 Ernesto.  All rights reserved.  
    X