06. Case Study

The security case study is a small Spring API that retrieves a list of locations from a database, with the endpoint protected by Spring Security rather than left open. The code can be cloned from GitLab.

The API has the following components:

  • Controller - LocationController.java
  • Service - LocationService.java and LocationServiceImpl.java
  • CRUD Repository - LocationRepository.java
  • Domain Entity/Model - Location.java
  • Security Configuration - SpringSecurityConfig.java
  • H2 in-memory database, with its web console accessible at http://localhost:8080/h2/
  • Embedded Tomcat server, serving the API at http://localhost:8080

CSRF

Read more about Cross-Site Request Forgery (CSRF) here. In short, a CSRF attack tricks a logged-in victim's browser into sending a state-changing request to a site the victim is authenticated to; because the browser attaches the session cookie automatically, the server cannot tell the forged request from a legitimate one unless it demands something the attacker cannot supply, such as a per-session CSRF token.

CSRF Quiz

Using the link above, select which of the following are true regarding CSRF:

SOLUTION:
  • CSRF targets sites that rely on a user's identity (typically a session cookie the browser sends automatically)
  • A CSRF attack involving uTorrent allowed the attacker to force a torrent download
  • A CSRF vulnerability on Netflix's site would have allowed an attacker to change the shipping address for DVDs
  • For a CSRF attack to succeed, the attacker must lure the victim to a page carrying the malicious request while the victim is logged into the target site
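The SpringSecurityConfig.java component listed above is where CSRF protection for this API lives. As an added example (not the case study's own SpringSecurityConfig.java, and not code from the course or its GitLab repository), the configuration below keeps CSRF protection enabled and shows the weak setting beside it. It assumes Spring Boot 2.7 with Spring Security 5.7, the H2 console mounted at /h2/ as listed above, state-changing endpoints under /locations, and an in-memory demo user; all of these are assumptions for illustration, not facts taken from the page.

```java
// Added example (not the case study's own SpringSecurityConfig.java).
// Assumptions: Spring Boot 2.7 / Spring Security 5.7, H2 console at /h2/,
// and the in-memory demo user below (illustrative only).
package com.example.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // WEAK SETTING (do not ship):  .csrf(csrf -> csrf.disable())
            // With CSRF disabled, any third-party page can POST to /locations and the
            // browser will attach the victim's session cookie: exactly the attack above.
            .csrf(csrf -> csrf
                // Issue the token as an XSRF-TOKEN cookie readable by page script.
                // The client must echo it in the X-XSRF-TOKEN header (or a _csrf form
                // field) on every POST/PUT/PATCH/DELETE. An attacker's page on another
                // origin cannot read that cookie, so a forged request arrives without the
                // header and Spring rejects it with 403 before the controller runs.
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                // The H2 console is a dev-only tool that does not send Spring's token;
                // exempt only that path instead of disabling CSRF for the whole API.
                .ignoringAntMatchers("/h2/**"))
            // The H2 console renders itself in frames. Allow same-origin frames only so
            // the clickjacking protection (X-Frame-Options) stays in place elsewhere.
            .headers(headers -> headers.frameOptions().sameOrigin())
            .authorizeRequests(auth -> auth
                .antMatchers("/h2/**").permitAll()
                // Every API route, including GET /locations, requires authentication.
                .anyRequest().authenticated())
            .httpBasic(Customizer.withDefaults())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }

    // Demo credentials only (an assumption of this example). A real deployment backs
    // UserDetailsService with the database rather than an in-memory user.
    @Bean
    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder encoder) {
        UserDetails user = User.withUsername("user")
            .password(encoder.encode("password"))
            .roles("USER")
            .build();
        return new InMemoryUserDetailsManager(user);
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        // Delegating encoder stores hashes as {bcrypt}..., so the algorithm is recorded
        // with the hash and can be rotated later without a flag day.
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
```

To check the protection, log in through a browser, then from a page on a different origin submit a hidden form that POSTs to http://localhost:8080/locations: Spring answers 403 Forbidden ("Invalid CSRF Token") because the X-XSRF-TOKEN header is missing, while the same POST sent by the application's own JavaScript with the header copied from the XSRF-TOKEN cookie succeeds. Two caveats a practitioner should keep in mind: the token only guards non-safe methods, so state changes must never be reachable through GET; and because withHttpOnlyFalse() makes the token cookie readable by script, an XSS bug on the same origin can still read it. CSRF tokens stop cross-origin forgery, not XSS.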