This course teaches programmers how to exploit (hack) and defend against various attacks on Java. The course is designed around the OWASP Top 10, a common standard used in the design, architecture and testing of web applications.
The course contains video/audio lectures. It covers the theory of Java web programming (exploit, defense) and includes demos of exploitation and defense. It gives students practical insight into coding web applications in Java securely. We recommend that students study the course over a period of 15 days and attempt the quiz at the end of the period. We also recommend that students study the resource material available on the internet in various forums, including the official OWASP website.
The course is structured according to the OWASP Top 10, from A1 to A10. Each OWASP Top 10 session is divided into presentation, exploitation and defense. Any programmer who is programming in Java should take this course. Secure Java programmers are preferred by organisations across the globe.
|Section 1: A1-Injection|
This lecture has an external link to set up the Java vulnerable labs
Login Bypass using SQL Injection -Demo
Union Exploitation Technique -Presentation
Union Exploitation Technique -Demo
Blind SQL Injection Presentation
Blind SQL Injection - Demo(Manual)
Blind SQL Injection - Demo(Automated)
SQL Injection Prevention
SQL Injection Prevention - Demo (Input Validation)
SQL Injection Prevention - Demo (Prepared Statement)
|Section 2: HTML Injection|
HTML Injection PPT
HTML Injection Demo
|Section 3: XML Injection|
XML Injection PPT
XML External Entity Injection Demo
XML External Entity Injection Prevention demo
|Section 4: XSLT Injection|
XSLT Injection PPT
|Section 5: Xpath injection|
Xpath Injection PPT
XPath injection Prevention
|Section 6: ORM Injection|
ORM injection Presentation
ORM injection Demo
|Section 7: A2- Broken Authentication and Session Management|
Broken Authentication and Session Management - Presentation
Improper Restriction of Excessive Authentication Attempts - Demo
Captcha - Demo
Usage of Cookies without Validation & Integrity Checking in a Security Decision
Avoiding usage of cookie data for a security-related decision - Demo
|Section 8: A3- Cross Site Scripting (XSS)|
Introduction to XSS
Reflected XSS - Presentation
Reflected XSS - Demo
Stored XSS - Presentation
Stored XSS - Demo
XSS Prevention - Presentation
XSS Prevention - Demo(JSTL Tag)
XSS Prevention - Demo (ESAPI)
XSS Prevention - Demo(HTTP-Only Flag)
|Section 9: A4- Insecure Direct Object References|
Insecure Direct Object References - Presentation
Reading Sensitive data of other users - Demo
Modifying Data of other users - Demo
Reading Arbitrary files - Demo
Insecure Direct Object References Prevention - Presentation
Insecure Direct Object References Prevention - Demo
|Section 10: A5- Security Misconfiguration|
Security Misconfiguration - Presentation
Default Login Credentials - Demo
Default Error Page - Demo
Prevention Demo - Error Handling
|Section 11: A6- Sensitive Data Exposure|
Sensitive Data Exposure - Presentation
Cleartext Transmission of Sensitive Information - Demo
Cleartext Storage of Sensitive Information - Demo
Hashing Password without a salt -Demo
Sensitive data in Cookie - Demo
Prevention Demo - Salted Hash
|Section 12: A7-Missing Function Level Access Control|
Missing Function Level Access Control - Presentation
Missing Function Level Access Control - Demo 1
Links to sensitive pages in robots.txt
Forced Browsing - Demo
Missing Function Level Access Control Prevention- Presentation
Missing Function Level Access Control Prevention- Demo
|Section 13: A8- Cross-Site Request Forgery (CSRF)|
Cross-Site Request Forgery - Presentation
CSRF Demo (Get Based)
CSRF Demo ( Post-Based)
Cross-Site Request Forgery Prevention - Presentation
CSRF Prevention - Demo(CSRFGuard)
|Section 14: A9- Using Components with Known Vulnerabilities|
Using Components with Known Vulnerabilities - Presentation
Spring Framework - Demo
Prevention - Demo
|Section 15: A10-Unvalidated Redirects and Forwards|
Unvalidated Redirects and Forwards - Presentation
Open URL Redirect - Demo
Open URL Forward -Demo
Unvalidated Redirects and Forwards Prevention -Presentation
Prevention - Demo
Hacking & Securing Java Web Programming
Cyber Security and Privacy Foundation Pte Ltd. is a Consulting, Services & Training Company based in Singapore. We do Vulnerability Assessment, Penetration Testing, Web Application Security Testing, Mobile Application Security Testing and Cyber Security Training. We do zero day security assessment and APT analysis and technical security certifications for organisations.
Cyber Security & Privacy Foundation, India is set up with the objective of doing non-commercial work. It has around 14000+ members and almost 9000+ students and CISOs of major companies on its board. We are involved in active research in the field of cyber security, web portal security management, and product research which is useful for all computer users.
J Prasanna: 20+ years of full-time experience in the field of computer security. He has worked for antivirus companies and run his own consulting companies. He has worked on standards implementation, consulting and testing, and has handled teams of security experts, coders and networking experts. Can provide value to any organization by thinking out of the box and implementing ideas from the conceptual stage. Great networking ability; has handled media relating to cyber security issues on many occasions and is good at training (both technical and non-technical subjects). Taking ownership, delivering results, crisis management and cross-functional skills are key strengths.
Specialties: Managing technical teams, handling delivery and taking ownership of the team. Virus analysis, antivirus and security products testing, application security design and review, secure enterprise architecture and design, ISO 27001 standards implementation, training. Presented at various CII conferences on Cyber Security and the Defense IT consultative committee (DITCC). He has received numerous commendations from the Indian army. He has done guest lecturing for various law enforcement and military academies in India.