0% found this document useful (0 votes)

7 views3 pages

Securing Java Web Application

Uploaded by

rizqi ardiansyah

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

7 views3 pages

Securing Java Web Application

Uploaded by

rizqi ardiansyah

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 3

Securing Java Web Application

DESCRIPTION

Pada training ini akan membahas mengenai memahami ancaman paling umum terhadap aplikasi web
saat ini. Training juga akan mempelajari berbagai teknik pertahanan untuk membantu anda
membangun aplikasi web Java yang mencegah serangan ini menjadi sukses. Pada training ini peserta
akan mempelajari web application security basics, authentication and session management, access
control, cross-site scripting defense, cross-site request forgery defense and clickjacking, protecting
sensitive data, sql injection and other injection attacks, safe file upload and file I/O, logging, error
handling, and intrusion detection, dan secure software development lifecycle.

TARGET AUDIENCE

1. Programmer

2. Java Developer

3. Java Web developer

CONTENT

1. Web Application Security Basics

1.1. What Is Untrusted Data?
1.2. HTTP Security Considerations
1.3. Anti-Patterns and Weaknesses
1.4. Security Controls and Positive Patterns
1.5. Input Validation

2. Project Planning Authentication and Session Management

2.1. Registration of New Users
2.2. The Basic Flow of the Login Process
2.3. Attacks Against Authentication
2.4. Secure Cookie Properties for Session Management
2.5. Credential Security
2.6. Username Harvesting
2.7. Brute Force Attacks, Account Lockout, and Multi-Factor Revisited
2.8. Remember Me Feature
2.9. Multi-Factor Authentication
2.10. Federated Identity and SAML
2.11. OAuth Basics
2.12. Additional Reading

3. Access Control
3.1. Identity and Access Control
3.2. RBAC Struggles: Data-Specific/Contextual Access Control
3.3. Multitenancy and Access Control
3.4. Contextual Access Control
3.5. Spring Security 3.0 ACLs
3.6. ABAC Attribute-Based Access Control
3.7. RBAC vs. ABAC

4. Cross-Site Scripting Defense

4.1. Content Spoofing
4.2. Defending Against XSS
4.3. Resources

5. Cross-Site Request Forgery Defense and Clickjacking

5.1. How Does CSRF Work?
5.2. How to Combat CSRF
5.3. Clickjacking
5.4. How to Combat Clickjacking

6. Protecting Sensitive Data

6.1. Securing Data in Transit
6.2. Securing Data at Rest
6.3. Secure Random Numbers

7. SQL Injection and Other Injection Attacks

7.1. What Is SQL Injection?
7.2. Other SQL Injection Examples
7.3. Query Parameterization
7.4. SQL Injection and Stored Procedures
7.5. Defense in Depth
7.6. Input Validation and Type Safety
7.7. DAO Pattern and Access Control Considerations
7.8. SQL Injection and Object
7.9. SQL Injection and Object Relational Mapping
7.10. Other Forms of Injection
7.11. Dangerous Characters in Input

8. Safe File Upload and File I/O

8.1. Anti-Patterns and Design Flaws
8.2. File Upload Security
8.3. Patterns of Attack
8.4. Summary
8.5. Resources

9. Logging, Error Handling, and Intrusion Detection

9.1. Logging Basics
9.2. Logging Frameworks for Security
9.3. Safe Error Handling
9.4. App Layer Intrusion Detection

CISSP Exam - Free Actual Q&as, Page 1 - 100
No ratings yet
CISSP Exam - Free Actual Q&as, Page 1 - 100
34 pages
Juice Shop Pen Test Report
No ratings yet
Juice Shop Pen Test Report
22 pages
Web Application Security
No ratings yet
Web Application Security
181 pages
Lezione Argiolu - Master Roma3!3!12-2010 - Application Security - Intro
No ratings yet
Lezione Argiolu - Master Roma3!3!12-2010 - Application Security - Intro
41 pages
OWASP Top Ten Web Application Vulnerabilities in J2EE
No ratings yet
OWASP Top Ten Web Application Vulnerabilities in J2EE
41 pages
Desenvolvimento Seguro
No ratings yet
Desenvolvimento Seguro
215 pages
Web Application Security Adithyan AK
No ratings yet
Web Application Security Adithyan AK
64 pages
Hacking in Web Applications
No ratings yet
Hacking in Web Applications
9 pages
A1 Injection
No ratings yet
A1 Injection
2 pages
19 WebSecurityThreats81
No ratings yet
19 WebSecurityThreats81
81 pages
Top 10 Most Common Java Vulnerabilities
No ratings yet
Top 10 Most Common Java Vulnerabilities
3 pages
Cross Site Scripting SQL Injection
No ratings yet
Cross Site Scripting SQL Injection
6 pages
Web Application Security
No ratings yet
Web Application Security
30 pages
Owasp Top 10
No ratings yet
Owasp Top 10
9 pages
Web Server Web Application Site Security: Command Injection SQL Injection
No ratings yet
Web Server Web Application Site Security: Command Injection SQL Injection
28 pages
Hacking in Web Applications
No ratings yet
Hacking in Web Applications
8 pages
ASSCP
No ratings yet
ASSCP
32 pages
Application Security
No ratings yet
Application Security
5 pages
Webinar 1531 Slides
No ratings yet
Webinar 1531 Slides
16 pages
Cert-In Training Program For Government, Psus and Critical Sector Oragnizations
No ratings yet
Cert-In Training Program For Government, Psus and Critical Sector Oragnizations
51 pages
Eccouncil Ecihv2 7 6 1 Web Application Security Threats and Attacks
No ratings yet
Eccouncil Ecihv2 7 6 1 Web Application Security Threats and Attacks
3 pages
Web Application Security
No ratings yet
Web Application Security
55 pages
FALL2025-26_CSE4031_ETH_AP2025262001217_2025-08-05_Reference-Material-I
No ratings yet
FALL2025-26_CSE4031_ETH_AP2025262001217_2025-08-05_Reference-Material-I
39 pages
CSS6 Sem
No ratings yet
CSS6 Sem
30 pages
The Top 10 Security Weakness (Vulnerabilities) in Web Applications (OWASP Top 10)
100% (1)
The Top 10 Security Weakness (Vulnerabilities) in Web Applications (OWASP Top 10)
33 pages
Web Application Based Threats
No ratings yet
Web Application Based Threats
6 pages
01 OWASP Top 10 Injection Vulnerabilities
No ratings yet
01 OWASP Top 10 Injection Vulnerabilities
18 pages
Software and Web Security
No ratings yet
Software and Web Security
41 pages
Web Application Security
No ratings yet
Web Application Security
23 pages
Top 10 WEB Vulnerablities
No ratings yet
Top 10 WEB Vulnerablities
55 pages
657470899
No ratings yet
657470899
14 pages
Unit 4
No ratings yet
Unit 4
23 pages
Crypto 8
No ratings yet
Crypto 8
4 pages
Why Hackers Don T Care About Your Firewall: Seba Deleersnyder
No ratings yet
Why Hackers Don T Care About Your Firewall: Seba Deleersnyder
48 pages
Topic 5 - Web Application Security
No ratings yet
Topic 5 - Web Application Security
50 pages
Web Application Hacking
No ratings yet
Web Application Hacking
9 pages
Security For Web Applications
No ratings yet
Security For Web Applications
25 pages
Web Attacks Notes
No ratings yet
Web Attacks Notes
11 pages
SOC Analyst L1 & Cybersecurity Analyst Interview Questions
No ratings yet
SOC Analyst L1 & Cybersecurity Analyst Interview Questions
20 pages
Seminar Web Application Security
No ratings yet
Seminar Web Application Security
30 pages
Secure Web Application Development
No ratings yet
Secure Web Application Development
3 pages
Security Best Practices in Coding
No ratings yet
Security Best Practices in Coding
57 pages
Tracking Down App Security
No ratings yet
Tracking Down App Security
69 pages
Cips 2014 0178
No ratings yet
Cips 2014 0178
35 pages
Assign 5
No ratings yet
Assign 5
5 pages
CHAPTER 8 network security
No ratings yet
CHAPTER 8 network security
8 pages
Core Problems: Testing Web Applications For Vulnerabilities
No ratings yet
Core Problems: Testing Web Applications For Vulnerabilities
13 pages
Web Application Security
No ratings yet
Web Application Security
26 pages
Security Testing Mat
No ratings yet
Security Testing Mat
9 pages
BCA - Secure Coding Guidelines For Developers PDF
No ratings yet
BCA - Secure Coding Guidelines For Developers PDF
12 pages
Hacking Web Applications
No ratings yet
Hacking Web Applications
23 pages
Q & A Part !
No ratings yet
Q & A Part !
3 pages
IV-i Sct-unit 2 Introduction to Cyber Security
No ratings yet
IV-i Sct-unit 2 Introduction to Cyber Security
23 pages
OWASP Web and Mobile App Security
No ratings yet
OWASP Web and Mobile App Security
101 pages
Chapter 4 Application and OS Security
No ratings yet
Chapter 4 Application and OS Security
41 pages
Secure Programming Course Outline Java Net PHP
No ratings yet
Secure Programming Course Outline Java Net PHP
11 pages
Introduction To Web Application Security and DevSecOps
No ratings yet
Introduction To Web Application Security and DevSecOps
7 pages
Report On OWASP What Is OWASP?: Deep Nandu BED-C-48
No ratings yet
Report On OWASP What Is OWASP?: Deep Nandu BED-C-48
4 pages
Java and Web Application Security
No ratings yet
Java and Web Application Security
4 pages
Vapt Unit 1notes
No ratings yet
Vapt Unit 1notes
42 pages
Data Analyst_Data Engineer
No ratings yet
Data Analyst_Data Engineer
7 pages
Building Data Streaming Applications With Apache Kafka
No ratings yet
Building Data Streaming Applications With Apache Kafka
4 pages
Go Language
No ratings yet
Go Language
3 pages
Build Modern API & Micro Services
No ratings yet
Build Modern API & Micro Services
2 pages
Data Science With R v.1
No ratings yet
Data Science With R v.1
4 pages
16_Kubernetes Admission Controllers
No ratings yet
16_Kubernetes Admission Controllers
13 pages
Using AI to Answer Internal FAQs & Build Knowledge Bots
No ratings yet
Using AI to Answer Internal FAQs & Build Knowledge Bots
3 pages
Programming With Java Standard Edition
No ratings yet
Programming With Java Standard Edition
2 pages
12_Your Application and HA
No ratings yet
12_Your Application and HA
10 pages
09_Storing and Reading Data on Disk
No ratings yet
09_Storing and Reading Data on Disk
19 pages
10 Curd+Opeartions
No ratings yet
10 Curd+Opeartions
17 pages
18_ETL Phase 3 Data Wrangling After the Load
No ratings yet
18_ETL Phase 3 Data Wrangling After the Load
52 pages
17_SQL Programming for Data Science
No ratings yet
17_SQL Programming for Data Science
88 pages
12_Tablespace
No ratings yet
12_Tablespace
9 pages
Module 1_Data Integration in Context
No ratings yet
Module 1_Data Integration in Context
12 pages
13_Business Intelligence (BI) Tools
No ratings yet
13_Business Intelligence (BI) Tools
64 pages
12 Model Maintenance
No ratings yet
12 Model Maintenance
12 pages
02_Introduction to Tableau
No ratings yet
02_Introduction to Tableau
59 pages
09_Building a Robust Geodemographic Segmentation Model
No ratings yet
09_Building a Robust Geodemographic Segmentation Model
65 pages
Web Application Penetration Testing Checklist
No ratings yet
Web Application Penetration Testing Checklist
26 pages
Two Factor Authentication
No ratings yet
Two Factor Authentication
20 pages
Oauth-Sso: A Framework To Secure The Oauth-Based Sso Service For Packaged Web Applications
No ratings yet
Oauth-Sso: A Framework To Secure The Oauth-Based Sso Service For Packaged Web Applications
9 pages
CompTIA PenTest+ Exam Summary
No ratings yet
CompTIA PenTest+ Exam Summary
15 pages
BCS 62 em 2023 24 MP
No ratings yet
BCS 62 em 2023 24 MP
15 pages
ASM Lab Day: ASM - Advanced Mitigation Techniques
100% (1)
ASM Lab Day: ASM - Advanced Mitigation Techniques
59 pages
Aliazar Merdekios 2017
No ratings yet
Aliazar Merdekios 2017
99 pages
Unit-2 Part-1
No ratings yet
Unit-2 Part-1
23 pages
JavaScript - Wikipedia, The Free Encyclopedia
No ratings yet
JavaScript - Wikipedia, The Free Encyclopedia
15 pages
Curso de Java Spring Security Autenticación y Seguridad Web
No ratings yet
Curso de Java Spring Security Autenticación y Seguridad Web
63 pages
Instinctive Quality Container in Node Group in Wireless Network
No ratings yet
Instinctive Quality Container in Node Group in Wireless Network
8 pages
Fullstack Dev - Interview Questions
No ratings yet
Fullstack Dev - Interview Questions
23 pages
Veracode Secure Coding Training Plan: Description
No ratings yet
Veracode Secure Coding Training Plan: Description
3 pages
Secure Coding - PHP v.1.1
No ratings yet
Secure Coding - PHP v.1.1
137 pages
SOC Interview Questions
No ratings yet
SOC Interview Questions
9 pages
Barracuda Load Balancer ADC DS US
No ratings yet
Barracuda Load Balancer ADC DS US
2 pages
Syllabus PTP
No ratings yet
Syllabus PTP
48 pages
Lecture 6: Modules 6.1-6.10 Web Server Security CSE 628/628A
No ratings yet
Lecture 6: Modules 6.1-6.10 Web Server Security CSE 628/628A
23 pages
Tips
No ratings yet
Tips
106 pages
Server-Side Web Applications Attack
No ratings yet
Server-Side Web Applications Attack
4 pages
Django Security Tips
No ratings yet
Django Security Tips
3 pages
Sap Portal Hacking and Forensics
No ratings yet
Sap Portal Hacking and Forensics
87 pages
Browser Exploitation FW
No ratings yet
Browser Exploitation FW
5 pages
Arjun Quiz
No ratings yet
Arjun Quiz
6 pages
Cybersecurity Best Practices For Python Web Applications
No ratings yet
Cybersecurity Best Practices For Python Web Applications
25 pages
Okta Security Whitepaper Jan2019 0
No ratings yet
Okta Security Whitepaper Jan2019 0
44 pages
Module 3 - Network Security Assessment
No ratings yet
Module 3 - Network Security Assessment
15 pages
Cyber Security 500 MCQs
No ratings yet
Cyber Security 500 MCQs
101 pages

Securing Java Web Application

Uploaded by

Securing Java Web Application

Uploaded by

Securing Java Web Application

3. Java Web developer

1. Web Application Security Basics

2. Project Planning Authentication and Session Management

4. Cross-Site Scripting Defense

5. Cross-Site Request Forgery Defense and Clickjacking

6. Protecting Sensitive Data

7. SQL Injection and Other Injection Attacks

8. Safe File Upload and File I/O

9. Logging, Error Handling, and Intrusion Detection

You might also like