
Explore how REST APIs in Java Spring Boot act as gateways between software components, how unsecured APIs enable data breaches, and how penetration testing reveals threats and prevention techniques.
Explore hands-on code to build and mitigate security threats in a Spring Boot 2 API using Java 15, PostgreSQL, and Postman, with downloadable resources and references.
Explore sql injection threats from dynamic code built on user input, where dangerous queries can run, and learn why frameworks don’t fully prevent vulnerable string-joined sql in api access.
Build a SQL injection filter in Spring Boot that sanitizes input with regex, blocks dangerous queries, and validates email and gender codes using Spring validations.
Explore how to prevent exposing stack traces in sql injection scenarios, implement a generic ApiErrorMessage, and handle SQLException with RestControllerAdvice to log details and return a safe error.
Shows that a framework alone doesn’t guarantee sql-injection safety: compare JPA with dynamic JPQL, using JpaCustomerDangerDAO, an EntityManager, and a RestController at /api/sqlinjection/danger/v2.
Show how to prevent sql injection in jpa by using parameterized input in JpaCustomerSafeDAO and a /safe API, tested via the Postman collection 'JPA Safe'.
Explore defense-in-depth against sql injection by using prepared statements, least-privilege access, input sanitization and validation, and credential rotation with tools like Spring and Vault. Understand how WAFs, logging, audits, and API proxies help detect and block attacks in legacy systems.
Demonstrate xss vulnerability by building a simple rest api greet endpoint at /api/xss/danger/v1 that returns a time-based message, served with an html fetch page and a downloadable xss example file.
Explore how a vulnerable rest api and react frontend handle xss by creating a sample app, inserting dangerous strings into articles, and observing script execution in the browser.
Explore where to place security code across API deployment layers and implement threat prevention in REST APIs with Java Spring Boot.
Create WhitelistIpFilter extending OncePerRequestFilter and annotate with @Component to enforce an IP whitelist. Test by hitting the green endpoint; localhost IPv6 and a dummy IPv4 address are used.
Explore the security risk of using http basic authentication, the role of the www-authenticate header, and how browsers may save credentials on shared/public computers.
In this 12+ hours course, you will learn about the importance of securing your API.
In this course, you will learn basic API threat and how to prevent the threat to protect your API.
This API security course is very handy for knowing the security knowledge to keep your API secure and prevent multiple attack threats.
Not just the theory of what are the threats, in this course we will learn the hands-on implementation on API security to prevent those threats, using Java Spring boot.
To understand the code, you must be able to at least write REST API and database transaction using spring boot.
We will learn how to secure API against SQL injection, XSS (Cross Site Scripting), DoS (Denial of Service).
We will also learn how to do encoding, encryption, or hashing on Java Spring Boot, which is essential knowledge in security.
Then, secure your API against many possible alternatives for protection : start from the most basic authentication, cookie, or up-to-date JWT token (including encrypted JWE)
Learn how to utilise Okta for OAuth2 authentication, plus multi factor authentication (using Google Authenticator and email) in less than 1 hour
Not just backend, see how to protect your frontend (HTML / ReactJS) from several possible threats
Learn abour CORS (Cross Origin Resource Sharing)
Access control list
All you get in one API security course.
Plus, you will get FREE update FOREVER!
Important!
This course uses Spring Boot version 2.x.
On late November 2022, Spring Boot 3.0.0 released. It takes time for updating the course to Spring boot 3.0.0, but I will do my best.
In the meantime, you have several options:
works with latest version of Spring boot 2.x, and the course should full compatible
works with Spring boot 3.x. Most of the courses should works, but some parts might need adjustment.