Certified Secure Coder- Java (CSC-Java)

This course teaches how to hack and secure Java, covering the OWASP Top 10 (A1 to A10) for Java.
3.3 (38 ratings)
549 students enrolled
$20
  • Lectures 73
  • Contents Video: 4 hours
  • Skill Level Intermediate Level
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion

About This Course

Published 1/2015 English

Course Description

This course teaches programmers how to exploit (hack) and defend against various attacks on Java. The course is designed around the OWASP Top 10, a common standard used in the design, architecture, and testing of web applications.

The course contains video/audio lectures. It covers the theory of Java web programming (exploit, defense) and includes demos of exploitation and defense. It gives students practical insight into coding web applications in Java securely. We recommend that students study the course over a period of 15 days and attempt the quiz at the end of the period. We also recommend that students study the resource material available on the internet in various forums, including the official OWASP website.

The course is structured according to the OWASP Top 10, from A1 to A10. Each OWASP Top 10 session is divided into presentation, exploitation, and defense. Any programmer who is programming in Java should take this course. Secure Java programmers are preferred by organisations across the globe.

What are the requirements?

  • Basic programming in Java
  • A web-based programming language

What am I going to get from this course?

  • Learn to Hack and Write Secure Java code
  • Learn the OWASP Top 10 methodology, A1 - A10
  • Apply the OWASP Top 10 methodology to Java programming

What is the target audience?

  • Programmers who code in Java
  • Design engineers and architects who design or architect Java-based programs
  • Security testers and functional testers who test Java-based programs
  • Java EE programmers

Curriculum

Section 1: A1-Injection
04:25

This lecture has an external link to set up the Java vulnerable labs.

Login Bypass using SQL Injection -Demo
03:37
Union Exploitation Technique -Presentation
05:52
Union Exploitation Technique -Demo
04:05
Blind SQL Injection Presentation
05:11
Blind SQL Injection - Demo(Manual)
06:17
Blind SQL Injection - Demo(Automated)
02:17
SQL Injection Prevention
02:03
SQL Injection Prevention - Demo (Input Validation)
03:33
SQL Injection Prevention - Demo (Prepared Statement)
02:30
Section 2: HTML Injection
HTML Injection PPT
01:17
HTML Injection Demo
05:08
Section 3: XML Injection
XML Injection PPT
02:30
XML External Entity Injection Demo
03:54
XML External Entity Injection Prevention demo
01:26
Section 4: XSLT Injection
XSLT Injection PPT
01:15
XSLT Demo
04:14
XSLT Prevention
03:53
Section 5: Xpath injection
Xpath Injection PPT
01:35
XPath Demo
04:49
XPath injection Prevention
01:20
Section 6: ORM Injection
ORM injection Presentation
00:57
ORM injection Demo
02:16
ORM Prevention
01:33
Section 7: A2- Broken Authentication and Session Management
Broken Authentication and Session Management - Presentation
07:28
Improper Restriction of Excessive Authentication Attempts - Demo
02:13
Captcha - Demo
05:07
Usage of Cookies without Validation & Integrity Checking in a Security Decision
01:32
Avoiding usage of cookie data for a security-related decision - Demo
04:10
Section 8: A3- Cross Site Scripting (XSS)
Introduction to XSS
02:28
Reflected XSS - Presentation
03:17
Reflected XSS - Demo
02:25
Stored XSS - Presentation
05:37
Stored XSS - Demo
02:49
XSS Prevention - Presentation
02:41
XSS Prevention - Demo(JSTL Tag)
01:41
XSS Prevention - Demo (ESAPI)
02:19
XSS Prevention - Demo(HTTP-Only Flag)
03:04
Section 9: A4- Insecure Direct Object References
Insecure Direct Object References - Presentation
03:39
Reading Sensitive data of other users - Demo
01:44
Modifying Data of other users - Demo
02:17
Reading Arbitrary files - Demo
02:19
Insecure Direct Object References Prevention - Presentation
02:02
Insecure Direct Object References Prevention - Demo
06:48
Section 10: A5- Security Misconfiguration
Security Misconfiguration - Presentation
02:42
Default Login Credentials - Demo
01:53
Default Error Page - Demo
02:37
Prevention Demo - Error Handling
02:54
Section 11: A6- Sensitive Data Exposure
Sensitive Data Exposure - Presentation
03:57
Cleartext Transmission of Sensitive Information - Demo
01:35
Cleartext Storage of Sensitive Information - Demo
01:27
Hashing Password without a salt -Demo
02:45
Sensitive data in Cookie - Demo
01:07
Prevention Demo - Salted Hash
04:26
Section 12: A7-Missing Function Level Access Control
Missing Function Level Access Control - Presentation
04:29
Missing Function Level Access Control - Demo 1
02:25
Links to sensitive pages in robots.txt
02:20
Forced Browsing - Demo
02:55
Missing Function Level Access Control Prevention- Presentation
01:11
Missing Function Level Access Control Prevention- Demo
04:51
Section 13: A8- Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery - Presentation
06:21
CSRF Demo (Get Based)
03:12
CSRF Demo ( Post-Based)
07:13
Cross-Site Request Forgery Prevention - Presentation
05:53
CSRF Prevention - Demo(CSRFGuard)
12:26
Section 14: A9- Using Components with Known Vulnerabilities
Using Components with Known Vulnerabilities - Presentation
04:10
Spring Framework - Demo
03:21
Prevention - Demo
02:06
Section 15: A10-Unvalidated Redirects and Forwards
Unvalidated Redirects and Forwards -Presentation
06:28
Open URL Redirect - Demo
01:29
Open URL Forward -Demo
01:43
Unvalidated Redirects and Forwards Prevention -Presentation
01:34
Prevention - Demo
02:32
Hacking & Securing Java Web Programming
10 questions

Instructor Biography

Cyber Security and Privacy Foundation Pte Ltd. is a consulting, services and training company based in Singapore. We do vulnerability assessment, penetration testing, web application security testing, mobile application security testing and cyber security training. We do zero-day security assessment and APT analysis and technical security certifications for organisations.

Cyber Security & Privacy Foundation, India is set up with the objective of doing non-commercial work. It has around 14000+ members and almost 9000+ students, and CISOs of major companies on its board. We are involved in active research in the field of cyber security, web portal security management, and product research which is useful for all computer users.

J Prasanna: 20+ years of full-time experience in the field of computer security. He has worked for antivirus companies and run his own consulting companies. He has worked on standards implementation, consulting and testing, and handled teams of security experts, coders and networking experts. He can provide value to any organization by thinking out of the box and implementing ideas from the conceptual stage. He has great networking ability, has handled media relating to cyber security issues on many occasions, and is good at training (both technical and non-technical subjects). Taking ownership, delivering results, crisis management and cross-functional skills are key strengths.

Specialties: Managing technical teams, handling delivery and taking ownership of the team. Virus analysis, antivirus and security products testing, application security design and review, secure enterprise architecture and design, ISO 27001 standards implementation, training. He has presented at various CII conferences on Cyber Security and the Defense IT consultative committee (DITCC). He has got numerous commendations from the Indian Army. He has done guest lecturing for various law enforcement and military academies in India.