LAB 237 - Defending Java Applications Against SQL Injection
This lab simulates a SQL Injection vulnerability in Shadow Bank, which fails to validate input and uses user input improperly in SQL statements. Using Visual Studio Code, participants will determine whether the generated SQL query can be exploited. The objective of this lab is to fix the SQL Injection vulnerability found in this Java application.
Upon completion of this lab, participants will:
- Apply strategic principles to keep Java applications safe
- Demonstrate the skills needed to discover and exploit SQL Injection attacks
- Fix a vulnerable SQL query in Java