LAB 230 - Defending Java Applications Against XSS

Course Details

Course Number: LAB 230

Course Duration: 15 minutes

Course CPE Credits:

NICE Specialty Areas

Risk Management (RSK)
Securely Provision (SP)
Software Development (DEV)

Related Subject Matter

CWE
Java
OWASP ASVS
OWASP Web
Skill Labs
Web

Foreign Languages Available:

English

Course Overview

This lab simulates a cross-site scripting vulnerability that can be found in an online banking application built using Java which fails to validate input and encode output. Using Visual Studio Code participants will determine whether the data is correctly encoded for the context in which it will appear in web application output. The objective of this lab is to find the cross-site scripting (XSS) vulnerability found in this Java web application and fix the issue.

Upon completion of this lab participants will:

Apply strategic principles to keep web applications safe
Demonstrate the skills needed to discover and exploit cross-site scripting attacks
Fix a cross-site scripting vulnerability in Java

Ready to Demo this course? Questions? Contact Us!