Web security: Injection Attacks with Java & Spring Boot

Set up a base pom.xml to power a reusable login module with Thymeleaf templates and Bootstrap, and establish dependency management with Lombok for future Java Spring Boot applications.

Create a login module with interfaces for entities (get and set methods), a user service for authentication by username and password, and a validator across five packages.

Introduce spring security to module, implement a login user with user details and a custom authentication provider, validate credentials from the login form, and return a username password authentication token.

Explore adding Spring Security form login by implementing a custom web login entry point and security config, enabling web security and method security, and configuring login, logout, and error handling.

Create a custom error controller in Spring Boot to tailor authentication error handling, display messages via Thymeleaf, and expose error endpoints for login and to follow SQL injection attacks.

Explore how sql injection occurs when user input reaches the SQL engine, enabling authentication bypass, data disclosure, and escaping. Defend with prepared statements, stored procedures, input validation, and least privilege.

Create a sql injection application as a maven module with postgres and pgadmin. Highlight plain text credentials in the application yaml while initializing a schema injection and populating data.

Create PostgreSQL init files to define users and user roles, insert sample users and roles, and set up a Spring Boot module with a SQL input validator and structured packages.

Create a user repository with methods to find by username and password, by username, and by user id; extend it with a JPA user repository and a user role repository.

Develop a Spring Data JPA repository by implementing a custom user repository with methods for find by username and password, and by user id, using an entity manager.

Implement a sql injection user detail service in Java with Spring Boot, wiring user and role repositories, mapping roles to granted authorities, and handling username not found errors.

Implement a spring-managed user service by annotating as a service, injecting the user repository via constructor, and logging calls to get user info and to find by username and password.

Expose how a deliberately vulnerable login form reveals authentication flaws and error handling while testing SQL injection techniques with http post and manual queries.

Demonstrates SQL injection through a login form with HTTP POST, showing how or 1=1 and dash comment tricks bypass authentication, and why returning a single result prevents the attack.

Explore sql injection via http get against a vulnerable app, use burp suites, and craft union queries with url encoding to reveal user data and PostgreSQL details.

Explore how to exploit SQL injection with http get by using union queries against information_schema to enumerate table schemas and names, then retrieve user data via Burp Suite.

Demonstrate SQL injection techniques using union select and encoded payloads to read text and system files, and discuss prevention methods to be covered in the next lecture.

Guard against SQL injection by validating inputs with a blacklist-to-whitelist shift using regex for usernames, user IDs, and passwords, enhancing defense in depth in Java and Spring Boot.

Secure SQL databases by combining input validation with parameterized queries, using placeholders and binding values to prevent injection and improve performance through prepared statements.

Configure the application yaml to define app name, no sql injection toggle, server port 8182, and info logging, and prepare a json data file for users and roles in mongodb.

Create a spring boot project with base packages com secure coding demo, establish validator, config, data access, and service packages, and implement a no sql input validator with null checks.

Create a spring configuration class for MongoDB, wire the database name and client from application yaml, configure a connection string, and initialize data from a json file.

Develop repository and service layer classes for a MongoDB-backed Java app, implementing custom queries and injection templates, and preview upcoming exploitation in the next lecture.

Demonstrates hacking NoSQL injection in a MongoDB-backed app by using a regex payload on the user id field to retrieve admin details, and outlines protection steps for prevention.

Apply defense in depth by validating and sanitizing user input on the server, using a whitelist with regex to prevent NoSQL injection in MongoDB.

Replace Mongo templates with a Mongo repository to prevent NoSQL injection, using repository methods such as find by username and password, with validation and parameterized queries.

Explains LDAP injection, how an attacker uses user input to alter LDAP commands, and defense through input validation, escaping, least privilege, and using Spring LDAP query builders.

Create a ldap injection module as a maven project and run a local ldap server. Use the openldap docker image, map a schema file, and expose ports 389 and 636.

Automate ldap schema setup at startup by running the OpenLDAP docker image and executing the schema file, then configure application yaml with ldap details and a listener for ldap injection.

Develop LDAP injection defenses by building a spring-managed input validator, defining user and user role entities with non-null fields, and creating repositories for user and role lookups.

Integrate Ldap helper with the repository via constructor injection. Create a query Ldap method and convert Ldap attributes to a user with null checks, log NamingException, and throw runtime exceptions.

Implement the user role repository and service using dependency injection with a real repository interface, map user attributes to groups, and return optional results, with annotation setup and error handling.

Explains how LDAP injection payloads can bypass login and reveal admin usernames by querying the user info endpoint, enabling login as admin without passwords.

Secure ldap operations by using spring ldap with ldap query builder and ldap templates to automatically escape unsafe characters, validate inputs, and map attributes to user objects.

Explain log injection vulnerabilities by showing how attacker-supplied data can corrupt logs with crlf sequences, and outline defenses such as input sanitization, crlf filtering, size limits, and utf eight encoding.

Add a new endpoint in the web login controller to fetch user information by username using a get mapping and a parameterized prepared statement query through the user service.

Create a log data endpoint that reads the log file path from application yaml and renders logs in a thymeleaf template for admin users with authenticated access.

Create an attacker endpoint in a Spring Boot app to log and steal a user cookie, demonstrating log injection and preparing exploitation in the next lecture.

Demonstrates how log injection can enable xss and steal the admin session cookie through unescaped rendering. Advocates defense in depth with escaped text, safe templates, and sanitization.

Prevent log injection by validating and sanitizing user data on the server, using a whitelist regex, and applying OWASP security logging with logback to prevent crlf attacks.

Discover how to prevent log injection and XSS attacks by securing session cookies with HttpOnly, escaping log outputs, and applying defense in depth with input validation, encoding, and trusted libraries.

Create a user detail interface and a default implementation, add a user detail service, and introduce an Apache POI Excel generator to export user details to Excel, demonstrating CSV injection.

The web login controller adds upsert user detail methods with post mappings, injects user detail and excel generator services via constructor injection, and uses thymeleaf templates for csv injection features.

Export user details as an Excel file via a dedicated API method, using Apache POI to generate the workbook and stream it to the response for download as user details.xls.

Create and configure the user_details data access layer by initializing the schema, defining a JPA entity, and a repository for injection testing. This lecture implements the user_details table with primary and foreign keys and prepares a service skeleton to support SQL and CSV injection experiments.

Explore creating an endpoint on attacker websites to harvest user details, including address and credit cards, using request parameters and CSP injection. Get a preview of how this endpoint will be used in the next lecture.

Learn to prevent csv injection by applying whitelist validation and spring boot validation, creating a custom user detail validator annotated for runtime validation, and handling constraint violations.

Implement an exception handler with controller advice to catch constraint violations and render error messages. Prevent csv injection by validating input and applying quotes wrapping and escaping per OWASP guidance.