Defensive Programming in Java: Data Handling, Injection Attacks, and Concurrency


Overview/Description
Defensive programming is an approach to programming that attempts to ensure that software still functions under adverse or unforeseen circumstances. In this course, you'll learn how to defend against injection attacks, including SQL, XML, LDAP, and coding attacks. You'll also learn how to handle concurrency.

Target Audience
Java developers seeking an introductory guide to developing efficient, secure Java applications that are defendable against a variety of issues

Prerequisites
None

Expected Duration (hours)
2.8

Lesson Objectives

Defensive Programming in Java: Data Handling, Injection Attacks, and Concurrency

  • start the course
  • identify why unsanitized data should not be logged in Java programs
  • identify why unsanitized data should be excluded from format strings
  • identify the issues that can occur when handling ZIP and GZIP files in Java
  • identify how to use input validation in a Java application
  • identify how to protect regular expressions against regex injection attacks
  • identify how to prevent SQL injection attacks in Java
  • identify how to prevent code injections in Java
  • set up a local LDAP server, create a connection, and populate the server with directory entries
  • identify how to prevent LDAP injection in Java
  • identify how to prevent XPath injections in Java
  • identify how to prevent XML injection attacks in Java
  • identify how to prevent XML Entity expansion attacks in Java
  • list the potential problems that path traversal may cause and recognize how to prevent them in Java
  • handle concurrency securely by avoiding race conditions in Java programs
  • safely manage concurrency by ensuring safe publication of the members of referenced objects
  • safely manage concurrency by ensuring proper synchronization semantics
  • use thread-safety-related annotations in Java programs
  • use defensive programming techniques to defend against attacks in Java programs

Course Number
sd_sprj_a02_it_enus

Expertise Level
Intermediate