LAB 230 – Defending Java Applications Against XSS

Course Overview

This lab simulates a cross-site scripting vulnerability that can be found in an online banking application built using Java which fails to validate input and encode output. Using Visual Studio Code participants will determine whether the data is correctly encoded for the context in which it will appear in web application output. The objective of this lab is to find the cross-site scripting (XSS) vulnerability found in this Java web application and fix the issue.

Upon completion of this lab participants will:

• Apply strategic principles to keep web applications safe
• Demonstrate the skills needed to discover and exploit cross-site scripting attacks
• Fix a cross-site scripting vulnerability in Java