The Java Enterprise Edition (JEE) platform provides powerful tools for developing robust distributed applications. Although not web-centric, the JEE platform includes a significant number of web-specific specifications, including JavaServer Pages (JSP) and JavaServer Faces (JSF). Not surprisingly, it is one of the most popular platforms for implementing large-scale, web-enabled enterprise applications.
Like other types of web applications, JEE web applications are affected by common problems such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and session management issues. Building on the OWASP Top 10 course, this course provides a comprehensive overview of the security issues and developer pitfalls that affect web applications written in Java. This course teaches students to identify and mitigate vulnerabilities included in, but not limited to, the Open Web Application Security Project (OWASP) Top 10 taxonomy. The course also provides alternative remediation advice for popular model-view-controller (MVC) frameworks such as Struts, Spring, and JSF. Additionally, the course teaches students secure configuration best practices to further harden web applications.