This course demonstrates how injection flaws occur when untrusted data is used to build SQL queries, HTML content, or operating-system commands. Learn to mitigate these risks with parameterized queries, server-side and client-side HTML sanitization, input validation, and safe command execution patterns, all applied to a Java pastebin application.
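As an added illustration of the injection-and-fix sequence named above (this is example code written for this page, not code from the course or its pastebin application), the Python/SQLite script below shows a search that concatenates its term into SQL, a UNION-based payload that reads table names out of the database catalogue, the parameterized rewrite that neutralizes it, and an allowlist check for the search term. The schema, the table and column names, and the search-term rules are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample schema standing in for the pastebin's database.
# Table and column names are assumptions, not taken from the course.
SCHEMA = """
CREATE TABLE pastes (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO pastes (title, body) VALUES ('hello', 'first paste'), ('notes', 'todo list');
INSERT INTO users (username, password_hash) VALUES ('alice', 'sha256$deadbeef');
"""

# Allowlist for a search term: letters, digits, space, underscore, hyphen, max 64 chars.
SEARCH_TERM_RE = re.compile(r"^[A-Za-z0-9 _-]{1,64}$")

# UNION-based payload: closes the quoted LIKE pattern, appends a SELECT with the
# same column count (2) against SQLite's catalogue table, and comments out the
# trailing quote. In MySQL/PostgreSQL the catalogue is information_schema.tables.
UNION_PAYLOAD = "x%' UNION SELECT name, type FROM sqlite_master WHERE type='table' --"


def new_db():
    """Fresh in-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_vulnerable(conn, term):
    """Vulnerable: the term is spliced into the SQL text, so the attacker
    controls the query structure, not just a value."""
    sql = "SELECT title, body FROM pastes WHERE title LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, term):
    """Fixed: the SQL text is constant and the term is bound as a parameter.
    Whatever the term contains, it can only ever be a LIKE pattern."""
    sql = "SELECT title, body FROM pastes WHERE title LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def validate_search_term(term):
    """Defense in depth for the search endpoint: reject anything outside the
    allowlist. This is not a substitute for the parameterized query."""
    return SEARCH_TERM_RE.fullmatch(term) is not None


def leaked_table_names(conn):
    """Run the payload through the vulnerable search and return the table
    names it discloses (sorted, since UNION does not guarantee order)."""
    return sorted(name for name, _ in search_vulnerable(conn, UNION_PAYLOAD))


if __name__ == "__main__":
    db = new_db()
    print("vulnerable search leaks:", leaked_table_names(db))
    print("parameterized search returns:", search_parameterized(db, UNION_PAYLOAD))
    print("payload passes validation?", validate_search_term(UNION_PAYLOAD))
```

Run the script to see the vulnerable search return the `pastes` and `users` table names instead of pastes, while the parameterized version returns nothing for the same input because the payload is only ever treated as a pattern. The validator rejects the payload outright, but it is added on top of the parameterized query, not instead of it: an allowlist that is loosened later (to permit apostrophes in titles, say) must not reopen the injection.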
Overview
Syllabus
- Unit 1: Understanding Injection Vulnerabilities
- Unit 2: Query Parameter Injection
  - Exploiting SQL Injection Through Query Parameters
  - Extracting Database Table Names Using UNION-Based SQL Injection
  - Implementing Parameterized Queries to Prevent SQL Injection
  - Add Input Validation to Search Endpoint
- Unit 3: Preventing XSS Injections
  - Exploiting XSS Vulnerabilities in a Pastebin Application
  - Implementing XSS Protection with OWASP Java HTML Sanitizer
  - Implementing Server-Side HTML Sanitization with OWASP Java HTML Sanitizer
  - Sanitize HTML Comments with DOMPurify in CommentViewer
- Unit 4: Preventing Command Injection
  - Exploiting Command Injection with Command Chaining
  - Command Injection: Reading the System Password File
  - Secure File-Stats Endpoint by Validating Filename Parameter
  - Implementing Safe Path Construction to Prevent Directory Traversal
  - Implementing Secure Command Execution with ProcessBuilder
  - Validating Allowed File Extensions
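The Unit 4 steps (validate the filename, build the path safely, run the command without a shell, check the extension) fit together in one small endpoint. The script below is an added example written for this page in Python, not the course's Java code; the file-stats endpoint, its upload directory, the allowed extensions and the filename rules are assumptions. The safe variant passes an argument vector to `subprocess.run`, which is the same idea as Java's `ProcessBuilder`: each argument is delivered to the child process as-is, so `;`, `|` and friends are never interpreted. The child command is the Python interpreter itself so the example runs anywhere Python does.

```python
import os
import re
import subprocess
import sys
import tempfile

# Assumed policy for the file-stats endpoint.
ALLOWED_EXTENSIONS = {".txt", ".md", ".log"}
# One stem, one extension, no path separators, dots or shell metacharacters.
FILENAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}$")


def file_stats_vulnerable(base_dir, filename):
    """Vulnerable: the filename is spliced into a shell command line, so
    'notes.txt; cat /etc/passwd' chains a second command. Kept here only
    as the 'before' picture; do not call it with untrusted input."""
    cmd = "wc -c " + os.path.join(base_dir, filename)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_filename(filename):
    """Allowlist check on the parameter, then an extension allowlist."""
    if not FILENAME_RE.fullmatch(filename):
        return False
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXTENSIONS


def safe_path(base_dir, filename):
    """Resolve the candidate path and require it to stay inside base_dir.
    This catches traversal even if the filename validator is loosened later."""
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, path]) != base:
        raise ValueError("path escapes base directory")
    return path


def file_size_safe(base_dir, filename):
    """Validate, build the path, then run the helper with an argv list
    (no shell), the way ProcessBuilder does. Returns the size in bytes."""
    if not validate_filename(filename):
        raise ValueError("invalid filename")
    path = safe_path(base_dir, filename)
    helper = "import os, sys; print(os.path.getsize(sys.argv[1]))"
    result = subprocess.run(
        [sys.executable, "-c", helper, path],
        capture_output=True, text=True, check=True)
    return int(result.stdout.strip())


def demo():
    """Exercise the safe endpoint against a constructed upload directory.
    Returns (size of notes.txt, list of rejected inputs, traversal_blocked)."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "notes.txt"), "wb") as f:
            f.write(b"hello pastebin\n")  # 15 bytes, constructed content
        size = file_size_safe(d, "notes.txt")
        attempts = ["notes.txt; cat /etc/passwd", "../etc/passwd",
                    "notes.sh", "notes.txt|id"]
        rejected = [a for a in attempts if _rejected(d, a)]
        try:
            safe_path(d, "../../etc/passwd")
            traversal_blocked = False
        except ValueError:
            traversal_blocked = True
        return size, rejected, traversal_blocked


def _rejected(base_dir, filename):
    try:
        file_size_safe(base_dir, filename)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(demo())
```

Note the order of the defenses: the regex and extension allowlist reject the chaining and traversal payloads before any path is built, the containment check in `safe_path` is a second, independent barrier, and the argv-based execution means that even a filename which slipped past both would arrive at the child as a single argument rather than as shell syntax.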