• Online, Self-Paced
Course Description

Defensive programming is an approach to programming that attempts to ensure that software still functions under adverse or unforeseen circumstances. In this course, you'll learn how to defend against injection attacks, including SQL, XML, LDAP, and code injection attacks. You'll also learn how to handle concurrency.

Learning Objectives

Working with Data

  • start the course
  • identify why unsanitized data should not be logged in Java programs
  • identify why unsanitized data should be excluded from format strings
  • identify the issues that can occur when handling ZIP and GZIP files in Java
  • identify how to use input validation in a Java application
  • identify how to protect regular expressions against regex injection attacks

Defending against Attacks

  • identify how to prevent SQL injection attacks in Java
  • identify how to prevent code injections in Java
  • set up a local LDAP server, create a connection, and populate the server with directory entries
  • identify how to prevent LDAP injection in Java
  • identify how to prevent XPath injections in Java
  • identify how to prevent XML injection attacks in Java
  • identify how to prevent XML entity expansion attacks in Java
  • list the potential problems that path traversal may cause and recognize how to prevent them in Java

Concurrency

  • handle concurrency securely by avoiding race conditions in Java programs
  • safely manage concurrency by ensuring safe publication of the members of referenced objects
  • safely manage concurrency by ensuring proper synchronization semantics
  • use thread-safety-related annotations in Java programs

Practice: Defending Against Attacks

  • use defensive programming techniques to defend against attacks in Java programs
