This class is all about hacking techniques to compromise web and client-server applications written in Java. According to the TIOBE index, Java is the number one programming language by number of projects and lines of code, and it has been occupying this position for decades. Nevertheless, there is no single course fully dedicated to security issues specifically affecting Java. Until now.
In this class, attendees will gain the right skill set to discover Java vulnerabilities by themselves, and they will learn to defend their infrastructure from attackers. Attendees will be able to practice techniques affecting common libraries and products that are no strangers to the various bug-bounty programs.
We will take time for both practical exploitation and theoretical understanding of the building blocks of each presented exploit. Root cause analysis and code review sessions are interspersed with explanations of possible detection and bypass techniques.
This is a lighter version of the same course that was delivered at Black Hat Las Vegas in 2019, arranged to fit the online format. The course is divided into 6 modules with 23 lessons and 15 labs. In a nutshell, the topics covered are: