Securing Java Web Application Data

Focused View

Josh Cummings

2:40:34

16 View

01 - Course Overview

01 - Course Overview.mp4

01:36

02 - Hashing Data

02 - The Three Rules of Data Stewardship.mp4

02:41

03 - Leveraging Sensitive Log Information.mp4

01:43

04 - Queryable Hashes.mp4

01:27

05 - Hashing Is Not Encrypting.mp4

02:57

06 - Using MessageDigest.mp4

03:43

07 - Encoding in Base64.mp4

01:57

08 - Encoding in Hex.mp4

01:54

09 - Can I Use MD5.mp4

06:11

10 - Review.mp4

01:26

03 - Managing Keys and Certificates

11 - Keys in Chuukese.mp4

01:55

12 - JCA and the Key Interface.mp4

02:15

13 - Key Generators.mp4

02:10

14 - Key Factories.mp4

01:35

15 - A Simple Key Service.mp4

03:10

16 - Recreating a KeyPair from a PrivateKey.mp4

00:54

17 - Exchanging Specs for Keys.mp4

01:17

18 - The KeyStore API.mp4

01:18

19 - Programmatically Adding Keys to a KeyStore.mp4

00:37

20 - Generating Certificates in Java.mp4

02:09

21 - Key Rotation.mp4

01:52

22 - Key Management in Vault.mp4

01:46

23 - Converting PKCS#1 to PKCS#8.mp4

02:10

24 - Key Rotation with Vault.mp4

01:23

25 - Summary and the Apocalypse.mp4

01:13

04 - Serializing and Deserializing Data

26 - An Insecure EntityResolver Is Worth a Billion Laughs.mp4

02:46

27 - Billion Laughs Explained.mp4

02:00

28 - XXE Defined.mp4

01:56

29 - Mitigating XXE by Disabling DOCTYPEs.mp4

01:44

30 - Mitigating XXE with No-op Entity Resolvers.mp4

01:13

31 - Mitigating XXE by Disabling Other Features.mp4

01:33

32 - Mitigating XXE with Spring Boot.mp4

00:32

33 - Non-DOCTYPE XML SSRF Vectors.mp4

02:16

34 - Haters Gonna Hate.mp4

00:47

35 - Java and the Deserialization Apocalypse.mp4

01:06

36 - A JSON RCE Attack.mp4

01:12

37 - Mitigating Jackson Insecure Deserialization by Avoiding Default Typing.mp4

01:23

38 - Mitigating Jackson Insecure Deserialization with Whitelisting.mp4

01:10

39 - Whats Wrong with Java Serialization.mp4

03:17

40 - Inadequately Mitigating Java Insecure Deserialization.mp4

01:00

41 - Mitigating Java Insecure Deserialization with Whitelisting.mp4

01:05

42 - Java Serialization Is Construction.mp4

00:46

43 - The Apache Commons Serialization Gadget Chain.mp4

01:24

44 - Serialization and Data Stewardship.mp4

01:08

45 - Securing Serialization with Signatures.mp4

01:31

46 - Securing Serialization with Encryption.mp4

01:45

47 - Bonus Track - A Zip Slip Attack.mp4

01:28

48 - Review.mp4

01:41

05 - Signing and Verifying Data

49 - Forging Prescriptions.mp4

02:44

50 - Forging Messages.mp4

01:12

51 - Adding a Message Hash.mp4

01:29

52 - Macs in Java.mp4

01:22

53 - Adding a Mac in Terracotta Bank.mp4

00:46

54 - Signatures and Timing Attacks.mp4

01:30

55 - MessageDigest vs. Mac.mp4

00:52

56 - Digital Signatures in Java.mp4

01:16

57 - Adding a Digital Signature in Terracotta Bank.mp4

01:24

58 - Downgrade Attacks.mp4

01:33

59 - Replay Attacks.mp4

02:09

60 - Adding a Nonce to Terracotta Bank.mp4

00:49

61 - Key Rotation and JWS.mp4

02:29

62 - Using Spring Security 5.x JWS Support.mp4

01:54

63 - Conclusion.mp4

01:20

06 - Encrypting and Decrypting Data

64 - The Babington Plot.mp4

01:24

65 - Signing vs. Encryption.mp4

01:34

66 - Javas Cipher Class.mp4

01:39

67 - AES Encryption in Java.mp4

01:51

68 - How Secure Was That, Really.mp4

01:45

69 - AES and Block Ciphers.mp4

01:04

70 - Adding Entropy to AES.mp4

01:23

71 - AES CBC in Java.mp4

01:09

72 - Adding Authentication to AES.mp4

01:55

73 - AES GCM in Java.mp4

01:36

74 - Symmetric vs. Asymmetric Encryption.mp4

02:21

75 - Hybrid Encryption with JCA.mp4

01:47

76 - Intro to Google Tink.mp4

03:42

77 - Hybrid Encryption with Google Tink.mp4

01:45

78 - Review + the Backbone of the Secure Internet.mp4

01:38

07 - Transmitting Data over the Network

79 - The Most Dangerous Code in the World.mp4

00:46

80 - Spot the Vuln.mp4

01:35

81 - Overview of TLS RSA.mp4

01:58

82 - SSLSocket Misconfigurations.mp4

02:04

83 - SSLContext.mp4

01:24

84 - Specifying SSLContexts Algorithm.mp4

00:18

85 - Proving Identity with Key Managers.mp4

01:40

86 - Trusting Identity with Trust Managers.mp4

02:22

87 - Using TrustManager.mp4

02:05

88 - Protocols and Cipher Suites.mp4

02:26

89 - Specifying Protocols and Cipher Suites.mp4

00:59

90 - Hostname Verification.mp4

01:09

91 - Adding Hostname Verification.mp4

01:28

92 - TLS 1.3.mp4

01:45

93 - Using TLS 1.3.mp4

01:01

94 - HttpsURLConnection vs SSLSocket.mp4

00:47

95 - Wrap-up.mp4

01:23

Description

This course gives you the APIs and tools for securing user data in Java as well as the concepts needed to level up your data-security awareness.

What You'll Learn?

Nearly every website holds onto or transmits user data, and that user data is a gold mine for hackers. We hear about penetrations into big companies with large troves of personal data almost daily. In this course, Securing Java Web Application Data, you will gain the ability to secure web application data using JCA, JSSE, and common open source Java libraries like Spring Vault Client and Google Tink. First, you will learn how to safely hash data. Next, you will discover secure serialization and deserialization. Finally, you will explore how to sign, verify, encrypt, and decrypt data. When you’re finished with this course, you will have the skills and knowledge of Web Application Security needed to secure its data.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Java

Josh Cummings

Instructor's Courses

Like many software craftsmen, Josh eats, sleeps, and dreams in code. He codes for fun, and his kids code for fun! Right now, Josh works as a full-time committer on Spring Security and loves every minute. Hailing from Salt Lake City, Utah, Josh loves to hike and be in the outdoors when he's not hacking away at some new Java library. He also loves to juggle, especially on every third Saturday in June. Application Security holds a special place in his heart, a place diametrically opposed to and cosmically distant from his unending hatred for checked exceptions.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.