In this course, we wear many hats. With our Attacker Hats on, we exploit injection issues to steal data, exploit Cross-Site Scripting (XSS) issues to compromise a user's browser, break authentication to reach data and functionality reserved for the 'Admins', and exploit vulnerable components to run our own code on a remote server and read its secrets. We also wear Defender Hats: we dive into the code to fix the root cause of each issue and discuss mitigation strategies. Our target is WebGoat, a deliberately vulnerable application maintained by OWASP to teach web application security hands-on. We exploit its flaws, fix a selection of them in the source, and build our own patched binaries. Along the way we discuss online resources that help us and find meaningful ways to give back to the larger Application Security community.
Exploiting and Securing Vulnerabilities in Java Applications
This course is part of Secure Coding Practices Specialization

Instructor: Joubin Jabbari
8,442 already enrolled
(65 reviews)
What you'll learn
- Practice protecting against various kinds of cross-site scripting (XSS) attacks. 
- Form plans to mitigate injection vulnerabilities in your web application. 
- Create strategies and controls to provide secure authentication. 
- Examine code to find and patch vulnerable components. 
There are 4 modules in this course
In this module, you will use Git and GitHub to pull the needed source code. You will run WebGoat in a Docker container and explain the reasons for doing so. You will be able to describe cross-site scripting (XSS) attacks, explain how they happen and how to guard against them, and differentiate between DOM-based, reflected, and stored XSS. You will practice protecting against each kind.
What's included
14 videos, 3 readings, 1 assignment, 1 peer review, 5 discussion prompts
In this module, you will exploit a SQL injection vulnerability and form plans to mitigate injection vulnerabilities in your web application. You will discuss approaches to finding and fixing XML External Entity (XXE) and SQL injection vulnerabilities, describe and protect against a "man-in-the-middle" attack, and describe the thought process for finding SQL injection vulnerabilities by "putting on the attacker's hat". You will demonstrate how to convert string-built queries into prepared statements, and analyze code with an XML viewer and a text editor to find vulnerabilities. You will also navigate a large code base to find critical segments of code and patch vulnerabilities.
What's included
10 videos, 2 readings, 1 assignment, 1 peer review, 3 discussion prompts
In this module, you will evaluate authentication flaws of various kinds to identify potential problems and create strategies and controls to provide secure authentication. You will create and/or implement controls to mitigate authentication bypass and draw lessons from notable cases where others failed to authenticate users properly. You will implement token-based authentication with JSON Web Tokens (JWT) correctly, find JWT-handling vulnerabilities in a large code base, and demonstrate how flawed JWT validation is exploited.
What's included
12 videos, 2 readings, 1 assignment, 1 peer review, 3 discussion prompts
In this module, you will run OWASP Dependency-Check against the code base and confirm that it contains components with known vulnerabilities. You will examine code to find and patch those vulnerable components, and apply what you learned in the previous modules to complete your final project.
What's included
5 videos, 3 readings, 1 assignment, 1 peer review, 2 discussion prompts
Learner reviews
65 reviews
- 5 stars72.30% 
- 4 stars15.38% 
- 3 stars3.07% 
- 2 stars3.07% 
- 1 star6.15% 
Showing 3 of 65
Reviewed on May 26, 2020
Great course, got a lot to learn about vulnerabilities and their mitigation strategies
Reviewed on Jun 23, 2020
Excellent and really helpful material... By far the best and most interesting course in the series!
Reviewed on Nov 30, 2020
Exploiting and Securing Vulnerabilities in Java Applications is by far the best course in this series. There are practical examples and live coding, and it is well organized.

Frequently asked questions
To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.
Yes. In select learning programs, you can apply for financial aid or a scholarship if you can't afford the enrollment fee. If financial aid or a scholarship is available for your learning program selection, you'll find a link to apply on the description page.
¹ Some assignments in this course are AI-graded. For these assignments, your data will be used in accordance with Coursera's Privacy Notice.