Java EE: AJAX with DWR, DOJO, and Security, Part 4 of 5
Interactive

LearnNow Online
Updated Oct 26, 2018

Course description

This course is a continuation of the Java EE Programming: AJAX Fundamentals course. It goes into greater detail about AJAX and covers Direct Web Remoting (DWR). It shows what a time saver the DOJO framework can be and how to use the DOJO toolkit. The course then moves on to Advanced JavaScript. Security is an important part of any development, and this course covers AJAX security and security guidelines. The final chapters of this course cover JavaScript Performance Tuning and Mashups for Java servers.

Each LearnNowOnline training course is made up of Modules (typically an hour in length). Within each module there are Topics (typically 15-30 minutes each) and Subtopics (typically 2-5 minutes each). There is a Post Exam for each Module that must be passed with a score of 70% or higher to successfully and fully complete the course.


Meet the expert

Ali Hamad

Ali Hamad has Bachelor's and Master's degrees in Computer Science and has been training in many aspects of Java for over 14 years, covering Introduction through JDBC, JBoss and beyond. His training and consulting background also covers C, C++, Object Oriented Analysis and Design (OOAD), and Unix/Linux. Ali has worked for, or been a consultant and trainer for, many companies including Dell, Texas Instruments, State of New Hampshire, Web Age Solutions, and many more. He is the author of training material for several programming topics such as Java, Struts, C++, Unix and J2EE applications.

Video Runtime

115 Minutes

Time to complete

155 Minutes

Course Outline

Module 6

AJAX Security (25:10)

  • Introduction (00:28)
  • The Same Origin Policy (03:44)
  • SOP Example (02:07)
  • Exemption from SOP (01:02)
  • Bypassing SOP (01:26)
  • Using Dynamic Script Tag (02:54)
  • Example: Main Page (00:33)
  • Example: The Included Script (02:11)
  • Demo: Example Site Setup (10:27)
  • Summary (00:13)

AJAX Common Attacks (25:42)

  • Introduction (00:37)
  • Example: The Included Script (00:31)
  • Code in Dynamic Script Element (01:51)
  • Using an Ajax Proxy (02:37)
  • Common Attacks for Ajax (00:41)
  • Cross Site Scripting (XSS) (02:26)
  • XSS Example (00:55)
  • Preventing XSS (02:54)
  • Demo: Ajax Security (12:56)
  • Summary (00:11)

JavaScript Worms (34:36)

  • Introduction (00:29)
  • JavaScript Worms (03:02)
  • Cross-site Request Forgery (02:29)
  • Preventing CSRF (02:29)
  • JavaScript or JSON Hijacking (01:24)
  • Example: JSON Hijacking (03:03)
  • Exploiting JSON Hijacking (02:15)
  • Preventing JSON Hijacking (02:36)
  • Denial of Service (DoS) Attack (01:34)
  • XML Bomb Attack (01:15)
  • Example: XML Bomb Attack (00:46)
  • Ajax Proxy Vulnerability (03:54)
  • Demo: JavaScript Worms (09:00)
  • Summary (00:13)

Module 7

AJAX Security Guidelines (30:07)

  • Introduction (00:28)
  • Obfuscate JavaScript Code (01:50)
  • Privileged Functions (02:01)
  • Do Not Expose Database Schema (01:44)
  • Validate Input on Server Side (01:04)
  • Password Protect Operations (01:49)
  • Careful of State Information (01:13)
  • Use White List in Ajax Proxy (01:22)
  • Do Not Use Distrusted Content (01:07)
  • Use eval() Carefully (02:02)
  • Demo: AJAX Security Guidelines (14:51)
  • Summary (00:29)