REST API Security with Java Spring Boot – What & How

REST API Security with Java Spring Boot - What & How

SQL Injection, XSS prevention, HMAC, JWT, JWE, Oauth2, Okta, Denial of Service (DoS), and more about API security

What you’ll learn

  • This is NOT course on how to attack API, but course for PREVENT attack on the API
  • Various API security concepts, threats, and threat prevention methods
  • Learn about SQL Injection, XSS, token validation, JWT, OAuth2, and more
  • The concepts and hands-on algorithm is applicable for any programming language or framework. In this course, hands-on coding on API security will use Java Spring


  • Hands-on coding requires you to know basic Java Spring implementation for REST API. This course using Spring Web for simplicity.


In this 12+ hours course, you will learn about the importance of securing your API.

In this course, you will learn basic API threat and how to prevent the threat to protect your API.

This API security course is very handy for knowing the security knowledge to keep your API secure and prevent multiple attack threats.

Not just the theory of what are the threats, in this course we will learn the hands-on implementation on API security to prevent those threats, using Java Spring boot.

To understand the code, you must be able to at least write REST API and database transaction using spring boot.

  1. We will learn how to secure API against SQL injection, XSS (Cross Site Scripting), DoS (Denial of Service).
  2. We will also learn how to do encoding, encryption, or hashing on Java Spring Boot, which is essential knowledge in security.
  3. Then, secure your API against many possible alternatives for protection : start from the most basic authentication, cookie, or up-to-date JWT token (including encrypted JWE)
  4. Learn how to utilise Okta for OAuth2 authentication, plus multi factor authentication (using Google Authenticator and email) in less than 1 hour
  5. Not just backend, see how to protect your frontend (HTML / ReactJS) from several possible threats
  6. Learn abour CORS (Cross Origin Resource Sharing)
  7. Access control list

All you get in one API security course.

Plus, you will get FREE update FOREVER!

Who this course is for:

  • API Developer, API architect who writes API as their part of job, and cares about security (if you haven’t care yet, you should start care!)

Course content

20 sections • 92 lectures • 12h 21m total length
  • Introduction
  • Let’s Start
  • SQL Injection
  • Cross Site Scripting (XSS)
  • Where To Put Security Code
  • Denial of Service (DoS)
  • Encode, Encrypt, Hash
  • Basic Authentication
  • Data Transmission
  • HTTPS Importance
  • Audit Log
  • Access Control List (ACL)
  • Token Authentication
  • Cross Origin Resource Sharing (CORS)
  • Token Without Cookies
  • JSON Web Token (JWT)
  • API Key
  • OAuth2
  • Multi Factor Authentication (MFA)
  • Resources & References
Created by: Timotius Pamungkas, Java Software Engineer, Architect
Last updated 3/2021
Direct Download Available
Hot & New
Rating: 5.0 out of 5
(1 rating)
56 students

Download link

Add a Comment

Your email address will not be published. Required fields are marked *