HOT

REST API Security with Java Spring Boot

SQL Injection, XSS prevention, HMAC, JWT, JWE, Oauth2, Okta, Denial of Service (DoS), and more about API security

  • Review rating
  • Review rating
  • Review rating
  • Review rating
  • Review rating
4.6 (17 ratings)
nullnull nullnull

30-day money-back guarantee

This course includes

12 h 21 min of video content
Beginner Difficulty
Perpetual Access
Access on mobile and Tablet
Share

Learning Objectives

This is NOT course on how to attack API, but course for PREVENT attack on the API
Learn about SQL Injection, XSS, token validation, JWT, OAuth2, and more
Various API security concepts, threats, and threat prevention methods
The concepts and algorithmis applicable for any programming language or framework. In this course, hands-on coding on API security will use Java Spring

Table of Contents

92 lectures
12 h 21 min
Welcome To This Course
01:13
Course Structure and Coverage
01:43
Tips : How To Get Maximum Value From This Course
05:56
Security? Who Cares!
02:15
Code Hands On - Overview
04:26
Code Hands On - Getting Started
07:04
SQL Injection - Threat
02:33
SQL Injection - Vulnerable Code
32:37
SQL Injection - Test Vulnerable Code
16:47
SQL Injection - Threat Prevention
04:16
SQL Injection - Safe Code 1
07:54
SQL Injection - Safe Code 2
24:51
SQL Injection - Safe Code 3
03:20
SQL Injection - Don't Tell Them
06:47
SQL Injection - JPA Vulnerable Code
13:14
SQL Injection - Test JPA Vulnerable Code
02:23
SQL Injection - Safe Code JPA
02:07
SQL Injection - Least Authority
06:11
SQL Injection - Are We Safe?
03:52
SQL In This Course
01:26
XSS - Threat
05:22
XSS - Vulnerable Code
06:42
XSS - Test Vulnerable Code
02:46
XSS - Vulnerable Code on ReactJS
12:50
XSS - Test Vulnerable Code on ReactJS
04:06
XSS - Threat Prevention
04:33
XSS - Safe Code on Input
13:40
XSS - Safe Code on Output 1
15:02
XSS - Safe Code on Output 2
09:37
Where To Put Security Code - Ease Our Burden
12:03
Where To Put Security Code - In This Course
04:19
DoS - Threat
03:16
DoS - Vulnerable Code
11:30
DoS - Test Vulnerable Code
06:44
DoS - Threat Prevention
03:53
Defense in Depth
05:15
DoS - Safe Code 1
05:58
DoS - Safe Code 2
12:20
DoS - Safe Code 3
07:59
Encode, Encrypt, Hash - What and Why
08:21
Encode, Encrypt, Hash - Sample Code
47:12
Encode, Encrypt, Hash - Sample Use Case
04:25
HMAC - Data Integrity
02:19
HMAC - Sample Code
34:42
Basic Authentication - This Is Me
04:46
Basic Authentication - Sample Code
26:35
Basic Authentication - Helping Is (Sometimes) Bad Idea
04:11
Data Transmission - Threat
01:19
Data Transmission - Threat Prevention
08:08
Data Transmission - HTTPS Only Please
03:45
Audit Log - Why Log?
06:02
Audit Log - Threat
02:19
Audit Log - Code Sample
18:37
ACL - Threat
01:17
ACL - Threat Prevention
04:14
ACL - Sample Code
20:44
ACL - Further Steps
01:41
Token Authentication - Overview
02:33
Token Authentication - Sample Code 1
22:51
Token Authentication - Threat
02:43
Token Authentication - Threat Prevention
02:45
Token Authentication - Sample Code 2
08:42
Token Authentication - Timing Attack
02:14
Token Authentication - Sample Code 3
02:24
Token Authentication - Logout
03:32
CORS - Overview
05:34
CORS - Sample Code 1
10:54
CORS - Sample Code 2
08:10
Token Without Cookies - Overview
01:52
Token Without Cookies - Sample Code 1
20:34
Token Without Cookies - Threat
01:40
Token Without Cookies - Threat Prevention
01:15
Tips : Key Storage
02:18
Token Without Cookies - Sample Code 2
06:21
JWT - Overview
10:00
JWT - Sample Code 1
18:48
JWT - Threat
02:03
JWT - Threat Prevention
02:41
JWT - Sample Code 2
11:40
JWT, JWS, JWE, JOSE
02:56
JWT - Sample Code 3
16:02
API Key - Simple Token
01:15
API Key - Sample Code
11:24
OAuth2 - Overview
11:58
OAuth2 - Authorization Server
02:49
OAuth2 - Sample Code 1
21:36
OAuth2 - Sample Code 2
07:39
MFA - Overview
02:33
MFA - Sample Implementation
07:09

Description

In this 12+ hours course, you will learn about the importance of securing your API.

In this course, you will learn basic API threat and how to prevent the threat to protect your API.

This API security course is very handy for knowing the security knowledge to keep your API secure and prevent multiple attack threats.

Not just the theory of what are the threats, in this course we will learn the hands-on implementation on API security to prevent those threats, using Java Spring boot.

To understand the code, you must be able to at least write REST API and database transaction using spring boot.

1. We will learn how to secure API against SQL injection, XSS (Cross Site Scripting), DoS (Denial of Service).

2. We will also learn how to do encoding, encryption, or hashing on Java Spring Boot, which is essential knowledge in security.

3. Then, secure your API against many possible alternatives for protection : start from the most basic authentication, cookie, or up-to-date JWT token (including encrypted JWE)

4. Learn how to utilise Okta for OAuth2 authentication, plus multi factor authentication (using Google Authenticator and email) in less than 1 hour

5. Not just backend, see how to protect your frontend (HTML / ReactJS) from several possible threats

6. Learn abour CORS (Cross Origin Resource Sharing)

7. Access control list

All you get in one API security course.

Plus, you will get FREE update FOREVER!

Who this course is for:

  • API Developer, API architect who writes API as their part of job, and cares about security (if you haven't care yet, you should start care!)

Featured Reviews

Profile Picture
Oct 26, 2021

Kumar K.

  • Review rating
  • Review rating
  • Review rating
  • Review rating
  • Review rating
The author is clear and crisp for the topics covered and this is a must go course for everyone who wants to learn the caveats of Security aspects and deal with your InfoSecurity team while releasing the APIs
Profile Picture
Nov 25, 2021

Murat A.

  • Review rating
  • Review rating
  • Review rating
  • Review rating
  • Review rating
Very clear and practical. Thanks