Exploiting and Securing Vulnerabilities in Java Applications (Coursera)

Exploiting and Securing Vulnerabilities in Java Applications (Coursera)

In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a users browser, break authentication to gain access to data and functionality reserved for the ‘Admins’, and even exploit vulnerable components to run our code on a remote server and access some secrets.

Class Deals by MOOC List - Click here and see Coursera's Active Discounts, Deals, and Promo Codes.

We will also wear Defender Hats. We will dive deep in the code to fix the root cause of these issues and discuss various mitigation strategies. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws and we take aim at fixing some of these issues. Finally we fix these issues in WebGoat and build our patched binaries. Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.
What You Will Learn

  • Practice protecting against various kinds of cross-site scripting (XSS) attacks.
  • Form plans to mitigate injection vulnerabilities in your web application.
  • Create strategies and controls to provide secure authentication.
  • Examine code to find and patch vulnerable components.

Course 4 of 4 in the Secure Coding Practices Specialization.

Syllabus

WEEK 1
Setup and Introduction to Cross Site Scripting Attacks
In this module, you will be able to use Git and GitHub to pull needed source code. You will be able to run WebGoat in a Docker container and explain reasons for doing so. You'll be able to describe cross-site scripting attacks and explain how these attacks happen and how to guard against them. You'll be able to differentiate between a DOM-based, Reflected, and Stored cross-site scripting attacks. You will be able to practice protecting against various kinds of cross-site scripting attacks.

WEEK 2
Injection Attacks
In this module, you will be able to exploit a SQL injection vulnerability and form plans to mitigate injection vulnerabilities in your web application. You will be able to discuss various approaches to finding and fixing XML, Entity and SQL attack vulnerabilities. You'll be able to describe and protect against a "man-in-the-middle" attack and describe the the thought process to find SQL injection vulnerabilities by "putting on the attacker's hat". You will be able to demonstrate how to properly modify queries to get them into prepared statements and analyze code while using an XML viewer and text editor to find vulnerabilities. You'll also be able to navigate a large code base to find critical segments of code and patch vulnerabilities.

WEEK 3
Authentication and Authorization
In this module, you will be able to evaluate authentication flaws of various kinds to identify potential problems and create strategies and controls to provide secure authentication. You'll be able to create and/or implement controls to mitigate authentication bypass and draw lessons from notable instances where others failed to authenticate users. You will be able to properly implement authentication methods like JSON Web Tokens (JWT). You will be able to find vulnerabilities in a large code base and provide a solution for demonstrating and exploiting JSON Web Tokens (JWT).

WEEK 4
Dangers of Vulnerable Components and Final Project
In this module, you will be able to use the OWASP Dependency Checker while analyzing code and verify that you have vulnerable components in the code. You will be able to examine code to find and patch vulnerable components. You will be able to apply what you learned from previous module activities to finalize your final project.

Go to Class
MOOC List is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Related Courses

Cybersecurity Best Practices (Coursera) Coursera
Coursera Instructor Network

Cybersecurity Best Practices (Coursera)

"Cybersecurity Best Practices" is a transformative course designed for any learners whether they are just getting started with cybersecurity or are seasoned professionals looking for a refresher. This course uses real world examples and explains cybersecurity concepts in relatable ways to make it accessible for anyone while still challenging seasoned professionals to think of these concepts with a different lens.

Aug 3rd 2026
1 Week
CompTIA a+ Network (Coursera) Coursera
CompTIA

CompTIA a+ Network (Coursera)

Explore the dynamic world of network systems with the CompTIA a+ Network course. This complete networking course is explicitly designed for beginners and will equip you with foundational knowledge and hands-on skills in network installation, network support and application support. Today, network technicians are in-demand and job opportunities are plenty.

Aug 3rd 2026
5-12 Weeks
Programming Mobile Applications for Android Handheld Systems: Part 2 (Coursera) Coursera
University of Maryland, College Park

Programming Mobile Applications for Android Handheld Systems: Part 2 (Coursera)

This course introduces you to the design and implementation of Android applications for mobile devices. You will build upon concepts from the prior course, including handling notifications, using multimedia and graphics and incorporating touch and gestures into your apps.

Aug 3rd 2026
5-12 Weeks
Risk in Modern Society (Coursera) Coursera
Leiden University,LDE Centre for Safety and Security

Risk in Modern Society (Coursera)

Risk has become one of the defining features of modern society. Almost daily, we are preoccupied with assessing, discussing, or preventing a wide variety of risks. It is a cornerstone notion for businesses and organizations, but also for nation states and their many levels of government. And even for individuals, risk and the avoidance or embracing thereof, is a key theme. The course Risk in Modern Society sheds light on the broad concept of risk.

Aug 3rd 2026
5-12 Weeks
Build a Data Warehouse Using BigQuery (Coursera) Coursera
Starweaver

Build a Data Warehouse Using BigQuery (Coursera)

Unlock the power of Google BigQuery as you embark on a journey to become proficient in data warehouse building and advanced querying. In this comprehensive course, you'll learn to harness the capabilities of BigQuery, from setting up and accessing the platform to creating data warehouses using both the user interface and Python. Through hands-on lessons and practical applications, you'll develop the fundamental skills needed to manage, query, and optimize your data in this powerful cloud-based platform.

Aug 3rd 2026
1 Week
Ethical Issues in Data Science (Coursera) Coursera
University of Colorado Boulder

Ethical Issues in Data Science (Coursera)

Computing applications involving large amounts of data – the domain of data science – impact the lives of most people in the U.S. and the world. These impacts include recommendations made to us by internet-based systems, information that is available about us online, techniques that are used for security and surveillance, data that is used in health care, and many more. In many cases, they are affected by techniques in artificial intelligence and machine learning.

Aug 3rd 2026
5-12 Weeks
Blockchain Security (Coursera) Coursera
Infosec

Blockchain Security (Coursera)

This course introduces blockchain security, including a description of how the blockchain works at each level of the blockchain ecosystem. The instructor begins with the building blocks that create the structure of blockchain, the cryptography that it uses for security, and the role of hash functions in the blockchain and how they can be attacked. In the next module, the instructor describes what blockchain consensus is, why it’s needed, its underlying theory (Byzantine Fault Tolerance and Security via Scarcity), some of the common consensus algorithms, and the security issues inherent to each variant.

Aug 3rd 2026
5-12 Weeks
Orientação a Objetos com Java (Coursera) Coursera
Instituto Tecnológico de Aeronáutica

Orientação a Objetos com Java (Coursera)

Neste curso, assumimos que você já sabe desenvolver programas pequenos em Java, mas você talvez não se sinta ainda confortável em projetar programas mais complexos com método e organização. O objetivo deste curso é fazer você compreender os princípios de orientação a objetos por meio da linguagem Java e saber como eficientemente aplicar esses princípios na prática quando projetando e desenvolvendo software de maneira ágil. Os conceitos discutidos e experimentados por você neste curso serão a base para você poder compreender os novos conceitos apresentados nos cursos seguintes desta especialização.

Aug 3rd 2026
5-12 Weeks
5G Network Fundamentals (Coursera) Coursera
Institut Mines-Telecom

5G Network Fundamentals (Coursera)

This MOOC presents the services and the architecture of 5G networks, the main principles of the new radio interface (NR), data flow management, security and the new Service-Based Architecture (SBA). In recent years, operators have been deploying 5G technology on commercial mobile networks. The latter is announced as a major technological breakthrough with speeds beyond Gbit/s, very low latencies and above all a distribution in many sectors of activity (industry, transport, medicine, etc.).

Aug 3rd 2026
5-12 Weeks
Cybercrime (Coursera) Coursera
Royal Holloway, University of London

Cybercrime (Coursera)

This course introduces fundamental notions of cybercrime. Namely, what cybercrime is, the main questions surrounding cybercrime, how cybercrime can be defined, and how it can be studied. You will learn about the difficulties in measuring the occurrence, the frequency and the impact of cybercrime, and build a scepticism on the reliability and the interpretation of cybercrime reports. You will be introduced to discussion about human aspects of cybercrime, in particular, the actors related to cybercrime, that is, the criminals, the victims, and law enforcement.

Aug 3rd 2026
4 Weeks