The Java Enterprise Edition (JEE) platform provides powerful tools for developing robust distributed applications. Although not web-centric, the JEE platform includes a significant number of web-specific specifications, including JavaServer Pages (JSP) and JavaServer Faces (JSF). Unsurprisingly, it is one of the most popular platforms for implementing large-scale, web-enabled enterprise applications.
Like other types of web applications, JEE web applications are affected by common problems such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and session management issues. Building upon the OWASP Top 10 course, this course provides a comprehensive overview of the security issues and developer pitfalls that affect web applications written in Java. This course teaches students to identify and mitigate vulnerabilities included in, but not limited to, the Open Web Application Security Project (OWASP) Top Ten taxonomy. Alternative remediation advice is also provided for popular Model-View-Controller (MVC) frameworks such as Struts, Spring, and JSF. Additionally, the course teaches students secure configuration best practices to further harden web applications.