Secure Coding in Spring Framework

سرفصل های دوره

Learn about security vulnerabilities in Spring applications and how to mitigate them effectively, making your applications resilient against potential threats.

1. Course Overview

1. Course Overview

02. A01 - Common Broken Access Control Attack Vectors and Mitigation in Spring Applications

01. Introduction

02. Spring Security Overview

03. Course Testing Overview

04. OWASP Top 10 Overview

05. A01 - Broken Access Control

06. Force Browsing and Deny by Default

07. Access Control with Spring Security Authorizati

08. Demo - Adopting Deny by Default

09. Force Browsing and Direct Object References

10. Indirect Object References in Spring

11. Demo - Indirect Object References

12. Outro

3. A01 - Managing Access Control with Roles

1. Introduction

2. Introducing Roles

3. Implementing Roles in Spring

4. Demo - Role-based Access

5. Role Based Access with Parameterized Testing

6. Demo - Role Based Access with Parameterized Testing

7. Multi-layered Access Control

8. Demo - Multi-layered Access Control

4. A01 - Managing Access Control with Authorities and Role Hierarchies

1. Introduction

2. Authorities Overview

3. Demo - Authorities

4. Role Hierarchy Overview

5. Demo - Role Hierarchies

5. A01 - Defence-in-depth with Method-level Security and Permissions

1. Introduction

2. What Is Defence-in-depth

3. Post Method Invocation Authorization Checks

4. Demo - Using the @PostAuthorize and @PostFilter Annotations

5. Pre Method Invocation Authorization Checks

6. Demo - Using the @PreAuthorize Annotation

7. Adopting a Centralized Permissions Service

8. Demo - Centralized Permissions Service

9. Importance of Access Control Reviews

06. A02 - Cryptographic Failures in Transit

01. Introduction

02. Overview of OWASP A02

03. MITM Attack Overview

04. HTTPS Overview

05. TLS Certificate Overview

06. Java Keytool Quickstart

07. Demo - Creating a Self-signed Certificate

08. HTTPS in Spring with SSL Bundles

09. Demo - HTTPS in Spring with SSL Bundles

10. Dont Use HTTP

11. Mutual TLS in Spring

12. Demo - Mutual TLS in Spring

13. Summary

07. A02 - Cryptographic Failures with Passwords

01. Introduction

02. Plaintext vs. Hashing

03. Insecurely Hashed Password Attack Vectors

04. Demo - Exploring Insecurely Hashed Password Attack Vectors

05. Spring Security Password Encoder Abstraction Overview

06. Spring Security BCrypt Password Encoder Overview

07. Demo - Spring Security BCrypt Password Encoder

08. Spring Security Delegating Password Encoder Overview

09. Demo - Spring Security Delegating Password Encoder Overview

10. BCrypt Work Factor Overview

11. Demo - Configuring Work Factor in Spring Password Encoders

12. Further Learning

8. A03 - Injection Vulnerabilities in Spring Applications

1. Introduction

2. SQL Injection Overview

3. SQL Injection in Spring

4. Demo - Spring SQL Injection Protection

5. Command Injection Overview

6. Command Injection in Spring

7. Demo - Spring Command Injection Protection

09. A04 - Insecure Design

01. Introduction

02. What Is Insecure Design

03. Secure Design Principles

04. Integrating Secure Design into the Software Development Lifecycle

05. Identifying Security Requirements

06. Choosing a Security Framework

07. Threat Modeling Introduction

08. Threat Modeling Process

09. Applying Threat Modeling

10. STRIDE Methodology Overview

11. Defining Security User Stories

12. Secure Releasing and Operations

10. A05 - Security Misconfiguration in Spring Applications

01. Introduction

02. What Is Security Misconfiguration

03. Accidentally Deploying Insecure Configuration

04. Spring Profiles Overview

05. Demo - Enabling Spring Configurations with Profiles

06. Configuring Property Sources with Profiles

07. Demo - Configuring Error Pages Using Profiles and Property Files

08. CSRF Protection Overview

09. Demo - CSRF Protection With SameSite Cookie Attribute

10. CSRF Protection Token Pattern

11. Demo - CSRF Protection Token Pattern

11. A06 - Vulnerable and Outdated Components

1. Introduction

2. OWASP A06 Overview

3. CVES Overview

4. NVD Overview

5. OWASP Dependency Checker Introduction

6. Demo - OWASP Dependency Check

7. Summary and Best Practice

12. A07 - Combatting Identification and Authentication Failures in Spring Framework

01. Introduction

02. A07 Overview

03. NIST Password Guidelines Overview

04. Demo - Updating Outdated Password Policies

05. Have I Been Pwned Overview

06. Spring Security Have I Been Pwned Integration

07. Demo - Using HIBP on Account Registration

08. When to Use HIBP

09. Demo - Using HIBP on Login

10. NIST Account Locking Recommendations

11. Demo - Temporary Account Locking

13. A07 - Multifactor Authentication in Spring Framework

01. Introduction

02. Why Multi-factor Authentication

03. Multi-factor Authentication Overview

04. Multi-factor Authentication in Spring Demo Overview

05. Demo - MFA Part 1 - Redirecting to the OTP Page on Login

06. Demo - MFA Part 2 - Setting a Partially Authenticated Role and Redirect Filter

07. Demo - MFA Part 3 - Ensuring the OTP Page Is Only Accessible by Partially Authenti

08. Demo - MFA Part 4 - Generating and Sending a Secure OTP

09. Demo - MFA Part 5 - Validating a Secure OTP and Completing Login

10. Demo - MFA Part 6 - Limiting OTP Input Attempts and Account Locking

11. Demo - MFA Part 7 - Browser Demo and Run-through

12. Password Reset Feature Overview

13. Demo - Password Reset

14. Summary and Best Practice

14. A08 - Software and Data Integrity Failures

01. Introduction

02. A02 - Software and Data Integrity Failures Overview

03. MITM Attacks

04. Maven Snapshots

05. Demo - Disabling Maven Snapshots

06. Why Checksums

07. Demo - Maven Dependency Checksums

08. PGP Keys Overview

09. Demo - Maven PGP Keys

10. Further Recommendations and Outro

15. A09 - Security Logging and Monitoring Failures

01. Introduction

02. Overview of OWASP A09

03. The Importance of Logging Security Events

04. Demo - Logging Security Events in Spring

05. The Importance of Enriching Logs with Context Metadata

06. Leveraging MDC in Spring to Log Additional Context Metadata

07. Demo - Adding User and Request Data to the MDC

08. Avoiding Sensitive Data Logging with Masking

09. Demo - Masking Sensitive Data

10. Why Log Data as JSON - ELK Stack Use Case

11. Demo - Structured JSON Logging with Elk Stack

12. Using Spring Actuator to Monitor Security Metrics

13. Demo - Security Metric Monitoring with Spring Actuator and ELK Stack

14. Security Incident Alerting Best Practice and Summary

16. A10 - Server-Side Request Forgery (SSRF) in Spring Applications

01. Introduction

02. Server-side Request Forgery Overview

03. Allow List Protection

04. Leveraging a Hoverfly Proxy for Testing

05. Demo - Allow List Protection

06. Bypassing Allow Lists With Redirects

07. Demo - Protecting Against Redirects

08. Exploiting Unsanitized Input

09. Demo - Exploiting Unsanitized Input

10. Best Practice and Summary

189,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: PluralSight