Exploiting and Securing Vulnerabilities in Java Applications (Coursera)

Exploiting and Securing Vulnerabilities in Java Applications (Coursera)

In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a users browser, break authentication to gain access to data and functionality reserved for the ‘Admins’, and even exploit vulnerable components to run our code on a remote server and access some secrets.

Class Deals by MOOC List - Click here and see Coursera's Active Discounts, Deals, and Promo Codes.

We will also wear Defender Hats. We will dive deep in the code to fix the root cause of these issues and discuss various mitigation strategies. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws and we take aim at fixing some of these issues. Finally we fix these issues in WebGoat and build our patched binaries. Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.
What You Will Learn

  • Practice protecting against various kinds of cross-site scripting (XSS) attacks.
  • Form plans to mitigate injection vulnerabilities in your web application.
  • Create strategies and controls to provide secure authentication.
  • Examine code to find and patch vulnerable components.

Course 4 of 4 in the Secure Coding Practices Specialization.

Syllabus

WEEK 1
Setup and Introduction to Cross Site Scripting Attacks
In this module, you will be able to use Git and GitHub to pull needed source code. You will be able to run WebGoat in a Docker container and explain reasons for doing so. You'll be able to describe cross-site scripting attacks and explain how these attacks happen and how to guard against them. You'll be able to differentiate between a DOM-based, Reflected, and Stored cross-site scripting attacks. You will be able to practice protecting against various kinds of cross-site scripting attacks.

WEEK 2
Injection Attacks
In this module, you will be able to exploit a SQL injection vulnerability and form plans to mitigate injection vulnerabilities in your web application. You will be able to discuss various approaches to finding and fixing XML, Entity and SQL attack vulnerabilities. You'll be able to describe and protect against a "man-in-the-middle" attack and describe the the thought process to find SQL injection vulnerabilities by "putting on the attacker's hat". You will be able to demonstrate how to properly modify queries to get them into prepared statements and analyze code while using an XML viewer and text editor to find vulnerabilities. You'll also be able to navigate a large code base to find critical segments of code and patch vulnerabilities.

WEEK 3
Authentication and Authorization
In this module, you will be able to evaluate authentication flaws of various kinds to identify potential problems and create strategies and controls to provide secure authentication. You'll be able to create and/or implement controls to mitigate authentication bypass and draw lessons from notable instances where others failed to authenticate users. You will be able to properly implement authentication methods like JSON Web Tokens (JWT). You will be able to find vulnerabilities in a large code base and provide a solution for demonstrating and exploiting JSON Web Tokens (JWT).

WEEK 4
Dangers of Vulnerable Components and Final Project
In this module, you will be able to use the OWASP Dependency Checker while analyzing code and verify that you have vulnerable components in the code. You will be able to examine code to find and patch vulnerable components. You will be able to apply what you learned from previous module activities to finalize your final project.

Go to Class
MOOC List is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Related Courses

Blockchain Security (Coursera) Coursera
Infosec

Blockchain Security (Coursera)

This course introduces blockchain security, including a description of how the blockchain works at each level of the blockchain ecosystem. The instructor begins with the building blocks that create the structure of blockchain, the cryptography that it uses for security, and the role of hash functions in the blockchain and how they can be attacked. In the next module, the instructor describes what blockchain consensus is, why it’s needed, its underlying theory (Byzantine Fault Tolerance and Security via Scarcity), some of the common consensus algorithms, and the security issues inherent to each variant.

Aug 3rd 2026
5-12 Weeks
Effective Programming in Scala (Coursera) Coursera
École Polytechnique Fédérale de Lausanne

Effective Programming in Scala (Coursera)

Scala is an expressive, versatile, and safe programming language. In this course, you will learn how to get the most out of Scala to solve common programming tasks such as modeling business domains, breaking down complex problems into simpler problems, manipulating data, or running parallel tasks. Along the journey, you will also learn the best practices for writing high-quality code that scales to large applications, how to handle errors, how to write tests, and how to leverage a productive development environment.

Aug 3rd 2026
5-12 Weeks
Code Yourself! An Introduction to Programming (Coursera) Coursera
University of Edinburgh,Universidad ORT Uruguay

Code Yourself! An Introduction to Programming (Coursera)

Have you ever wished you knew how to program, but had no idea where to start from? This course will teach you how to program in Scratch, an easy to use visual programming language. More importantly, it will introduce you to the fundamental principles of computing and it will help you think like a software engineer.

Aug 3rd 2026
5-12 Weeks
Cybersecurity Awareness and Innovation (Coursera) Coursera
EIT Digital

Cybersecurity Awareness and Innovation (Coursera)

It’s not you, it’s me! What’s going on? This course empowers students, professionals and wider community to deal with cybersecurity attacks and risks focused on identity management and it is an introduction to the upcoming full course focused on cybersecurity awareness. It is provided a practical overview of challenging issues like identity credentials management and security, e-mail threats and web impersonation, or web hacking.

Aug 3rd 2026
5-12 Weeks
Introducción a UML (Coursera) Coursera
Universidad de los Andes

Introducción a UML (Coursera)

Bienvenidos a este curso de introducción al Lenguaje de Modelado Unificado, o UML por su sigla en inglés. Este curso surge como respuesta a la necesidad de los ingenieros de software de desarrollar la habilidad de abstraer y representar en un modelo problemas o soluciones. Esta habilidad es especialmente importante en el mundo del software donde las tecnologías son tan cambiantes. Un modelo te provee una forma de comunicar y validar un entendimiento, independiente de la tecnología en la que construirás una solución.

Aug 3rd 2026
4 Weeks
In the Trenches: Security Operations Center (Coursera) Coursera
EC-Council

In the Trenches: Security Operations Center (Coursera)

Cyber-attacks, breaches, and incidents continue to grow. The sophistication and complexity of these attacks continue to evolve. More than ever organizations need to plan, prepare, and defend against a potential cyber incident. Security Operation Centers (SOCs) act as an organization's front-line defense against cyber incidents. SOC analyst accomplishes this by monitoring and responding to network and host anomalies, performing an in-depth analysis of suspicious events, and when necessary, aiding in forensic investigations.

Aug 3rd 2026
4 Weeks
CompTIA a+ Network (Coursera) Coursera
CompTIA

CompTIA a+ Network (Coursera)

Explore the dynamic world of network systems with the CompTIA a+ Network course. This complete networking course is explicitly designed for beginners and will equip you with foundational knowledge and hands-on skills in network installation, network support and application support. Today, network technicians are in-demand and job opportunities are plenty.

Aug 3rd 2026
5-12 Weeks
Build a Data Warehouse Using BigQuery (Coursera) Coursera
Starweaver

Build a Data Warehouse Using BigQuery (Coursera)

Unlock the power of Google BigQuery as you embark on a journey to become proficient in data warehouse building and advanced querying. In this comprehensive course, you'll learn to harness the capabilities of BigQuery, from setting up and accessing the platform to creating data warehouses using both the user interface and Python. Through hands-on lessons and practical applications, you'll develop the fundamental skills needed to manage, query, and optimize your data in this powerful cloud-based platform.

Aug 3rd 2026
1 Week
Security and Privacy in TOR Network (Coursera) Coursera
University of Colorado System

Security and Privacy in TOR Network (Coursera)

In this MOOC, we will learn about TOR basic concept and see how they protect the security and privacy of users and resist censorship. We will examine how TOR realize the anonymity and utilize its service by downloading and using Tor browser software. A recent attack on TOR’s application flow control called sniper attacks is analyzed.

Aug 3rd 2026
4 Weeks
Risk in Modern Society (Coursera) Coursera
Leiden University,LDE Centre for Safety and Security

Risk in Modern Society (Coursera)

Risk has become one of the defining features of modern society. Almost daily, we are preoccupied with assessing, discussing, or preventing a wide variety of risks. It is a cornerstone notion for businesses and organizations, but also for nation states and their many levels of government. And even for individuals, risk and the avoidance or embracing thereof, is a key theme. The course Risk in Modern Society sheds light on the broad concept of risk.

Aug 3rd 2026
5-12 Weeks