English | 2025 | ISBN: 9365899354 | 400 pages | PDF
The gathering of information through OSINT and advanced search techniques is highlighted, laying the crucial groundwork for testing. Proxy tools like Burp Suite and OWASP Zap are shown, offering insights into their configurations and capabilities for web application testing.
Each chapter does a deep dive into specific vulnerabilities and attack vectors associated with Java web and mobile applications. Key topics include SQL injection, cross-site scripting (XSS), authentication flaws, and session management issues. Each chapter supplies background information, testing examples, and practical secure coding advice to prevent these vulnerabilities. There is a distinct focus on hands-on testing methodologies, which prepares readers for real-world security challenges.
By the end of this book, you will be a confident Java security champion.
Who this book is for
This book is for Java developers, software developers, application developers, quality engineers, software testing teams, and security analysts. Prior knowledge of Java is required. Some application security knowledge is helpful.
Table of Contents
1. Introduction: Java Security, Secure Coding, and Penetration Testing
2. Reconnaissance and Mapping
3. Hands-on with Web Proxies
4. Observability with SQL Injections
5. Misconfiguration with Default Values
6. CORS Exploitation
7. Exploring Vectors with DoS Attacks
8. Executing Business Logic Vulnerabilities
9. Authentication Protocols
10. Session Management
11. AuthorizationPractices
12. Java Deserialization Vulnerabilities
13. Java Remote Method Invocation Vulnerabilities
14. Java Native Interface Vulnerabilities
15. Static Analysis of Java Android Applications
16. Dynamic Analysis of Java Android Applications
17. Network Analysis of Java Android Applications
Appendix
