Ethical Hacking: Dive into Injections by Java & Spring Boot

Ethical Hacking, Web Application Security & Spring - Master Injection Attacks with NoSQL, LDAP, LOG, CSV & SQL Injection

What you'll learn

Ethical hacking with injection attacks
Web security
Secure coding
SQL Injection with PostgreSQL
NoSQL Injection with MongoDB
LDAP Injection with OpenLDAP
LOG Injection
CSV Injection
Spring security Form login authentication
Spring Data JPA
Spring Data MongoDB
Spring LDAP
Spring Validation

Requirements

Knowledge of Java
Basic knowledge of Spring Framework
Basic knowledge of SQL
Basic knowledge of Web application development

Description

Are you a Java web developer and want to write secure code? Do you want to learn Ethical hacking and Web application security? With this hands-on injection attacks course you will start learning web security using one of the top vulnerabilities of OWASP Top 10 list. Injection attack is still listed in top 3 attacks in the OWASP Top 10 and it is important to prevent against injection attacks to develop secure web applications.

As part of the blue and red security teams,I have a practical knowledge and I am here to help you learn the injection vulnerability in detail.

In this course, you will focus on different type of injection attacks;

SQL Injection

NoSQL injection

LDAP injection

LOG injection

CSV injection

Ethical hacking and Web application security are the two important subjects of Cyber Security field and having practical knowledge about Injections will enable you to better understand the security concepts and make a quick start.

In this course I will follow defense-in-depth principle and apply multiple solutions to each vulnerability to secure the web application in multiple layers.

I will follow a hands-on approach. You will not only learn how to exploit an application using different kind of injection attacks, but also develop the vulnerable applications from scratch in which you will have a common web login module with spring security form login authentication, and separate applications for SQL, NoSQL and LDAP injections.

The applications will be developed using Java and Spring boot along with the most used data sources, such as PostgreSQL for SQL Injection, MongoDB for NoSQL injection and OpenLDAP for LDAP injection.

In each section there will be;

Development of the vulnerable web application using Java, Spring boot and Spring security

Hacking of the application with various attack payloads and with Ethical hacking examples

Protection steps and the implementations to prevent injection attacks

At the end of the course you will understand the different type of injection vulnerabilities, perform injection attacks against the vulnerable web applications you have developed, and learn how to protect your applications against the injection attacks using various techniques such as,

Validation and sanitisation using white list approach

Parametrised queries with prepared statements

Escaping output

Using secure trusted libraries

Error handling and logging

General coding practices

If you want to skip the development and only perform the hacking of applications, you can jump into the injection lectures and download the source code provided in the resources section of that lecture. Be aware that you will still need to install PostgreSQL for SQL Injection, MongoDB for NoSQL injection and OpenLDAP docker container for LDAP injection. You can see how to install and configure these data sources in the beginning lectures of each injection section.

For more detailed information on the progress of this course, you can check the introductory video and free lessons, and if you decide to enroll in this course, you are always welcome to ask and discuss the concepts and implementation details on Q/A and messages sections. I will guide you from start to finish to help you successfully complete the course and gain as much knowledge and experience as possible from this course.

Who this course is for:

Developers keen on web security, ethical hacking and secure coding
One wants to dive into injection vulnerability with different attack types
One likes to learn with a hands-on approach

Course content
7 sections • 76 lectures • 8h 43m total length