利用和防护Java应用程序漏洞

Exploiting and Securing Vulnerabilities in Java Applications

677 次查看
加州大学戴维斯分校
Coursera
  • 完成时间大约为 19 个小时
  • 普通(中级)
  • 英语
注:本课程由Coursera和Linkshare共同提供,因开课平台的各种因素变化,以上开课日期仅供参考

你将学到什么

Practice protecting against various kinds of cross-site scripting (XSS) attacks.

Form plans to mitigate injection vulnerabilities in your web application.

Create strategies and controls to provide secure authentication.

Examine code to find and patch vulnerable components.

课程概况

In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a users browser, break authentication to gain access to data and functionality reserved for the ‘Admins’, and even exploit vulnerable components to run our code on a remote server and access some secrets. We will also wear Defender Hats. We will dive deep in the code to fix the root cause of these issues and discuss various mitigation strategies. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws and we take aim at fixing some of these issues. Finally we fix these issues in WebGoat and build our patched binaries. Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.

课程大纲

Setup and Introduction to Cross Site Scripting Attacks

In this module, you will be able to use Git and GitHub to pull needed source code. You will be able to run WebGoat in a Docker container and explain reasons for doing so. You'll be able to describe cross-site scripting attacks and explain how these attacks happen and how to guard against them. You'll be able to differentiate between a DOM-based, Reflected, and Stored cross-site scripting attacks. You will be able to practice protecting against various kinds of cross-site scripting attacks.

Injection Attacks

In this module, you will be able to exploit a SQL injection vulnerability and form plans to mitigate injection vulnerabilities in your web application. You will be able to discuss various approaches to finding and fixing XML, Entity and SQL attack vulnerabilities. You'll be able to describe and protect against a "man-in-the-middle" attack and describe the the thought process to find SQL injection vulnerabilities by "putting on the attacker's hat". You will be able to demonstrate how to properly modify queries to get them into prepared statements and analyze code while using an XML viewer and text editor to find vulnerabilities. You'll also be able to navigate a large code base to find critical segments of code and patch vulnerabilities.

Authentication and Authorization

In this module, you will be able to evaluate authentication flaws of various kinds to identify potential problems and create strategies and controls to provide secure authentication. You'll be able to create and/or implement controls to mitigate authentication bypass and draw lessons from notable instances where others failed to authenticate users. You will be able to properly implement authentication methods like JSON Web Tokens (JWT). You will be able to find vulnerabilities in a large code base and provide a solution for demonstrating and exploiting JSON Web Tokens (JWT).

Dangers of Vulnerable Components and Final Project

In this module, you will be able to use the OWASP Dependency Checker while analyzing code and verify that you have vulnerable components in the code. You will be able to examine code to find and patch vulnerable components. You will be able to apply what you learned from previous module activities to finalize your final project.

千万首歌曲。全无广告干扰。
此外,您还能在所有设备上欣赏您的整个音乐资料库。免费畅听 3 个月,之后每月只需 ¥10.00。
Apple 广告
声明:MOOC中国十分重视知识产权问题,我们发布之课程均源自下列机构,版权均归其所有,本站仅作报道收录并尊重其著作权益。感谢他们对MOOC事业做出的贡献!
  • Coursera
  • edX
  • OpenLearning
  • FutureLearn
  • iversity
  • Udacity
  • NovoEd
  • Canvas
  • Open2Study
  • Google
  • ewant
  • FUN
  • IOC-Athlete-MOOC
  • World-Science-U
  • Codecademy
  • CourseSites
  • opencourseworld
  • ShareCourse
  • gacco
  • MiriadaX
  • JANUX
  • openhpi
  • Stanford-Open-Edx
  • 网易云课堂
  • 中国大学MOOC
  • 学堂在线
  • 顶你学堂
  • 华文慕课
  • 好大学在线CnMooc
  • (部分课程由Coursera、Udemy、Linkshare共同提供)

© 2008-2019 MOOC.CN 慕课改变你,你改变世界