LAB 237 - Defending Java Applications Against SQL Injection

Course Details

Course Number: LAB 237

Course Duration: 20 minutes

Course CPE Credits:

NICE Specialty Areas

Risk Management (RSK)
Securely Provision (SP)
Software Development (DEV)

Related Subject Matter

CWE
Java
OWASP ASVS
OWASP Web
Skill Labs
Web

Foreign Languages Available:

English

Course Overview

This lab simulates a SQL Injection vulnerability that can be found in Shadow Bank which fails to validate input and consists of improper use of user input in SQL statements. Using Visual Studio Code participants will determine if the generated SQL query can be exploited. The objective of this lab is to fix the SQL Injection vulnerability found in this Java application and fix the issue.

Upon completion of this lab participants will:

Apply strategic principles to keep Java applications safe
Demonstrate the skills needed to discover and exploit SQL Injection attacks
Fix a vulnerable SQL query in Java

Ready to Demo this course? Questions? Contact Us!