This course addresses flaws where improper enforcement of access restrictions allows unauthorized users to access or modify sensitive data or functionality, such as paste snippets or administrative pages, due to unverified input or missing role checks.
Overview
Syllabus
- Unit 1: Introduction to Java Security
  - Exploring the Pastebin Application
  - Testing JWT Authentication with Curl
- Unit 2: Securing Account Parameters
  - Exploiting Unverified Account Parameters
  - Securing API Endpoint with JWT Authentication
  - Implementing User Authorization with JWT
  - Secure Account Info Endpoint by Removing ID Parameter
- Unit 3: Preventing Forced Browsing
  - Demonstrating Forced Browsing on Admin Endpoint
  - Implementing Role-Based Admin Authorization
  - Logging Unauthorized Access Attempts
- Unit 4: Preventing Privilege Escalation
  - Exploiting Privilege Escalation Vulnerability
  - Securing User Profile Endpoint with JWT Authentication
  - Fixing the Privilege Escalation Vulnerability
- Unit 5: Protecting Sensitive User Data
  - Exploiting Vulnerable Endpoints to Expose Sensitive User Data
  - Implement Password Hashing with BCrypt
  - Secure User Details Response
  - Masking Sensitive Payment Data