Coding for Hackers

Languages › Java

Java

Roadmap

The backbone of enterprise backends — and Log4Shell.

Learning Path Available — Lessons Currently Being Developed

Overview

Java runs an enormous portion of enterprise backends, Android apps, and big-data infrastructure. Its security story is defined by deserialization gadget chains and JNDI injection — the bug class behind Log4Shell. Learning Java means reading enterprise source and understanding the most consequential server-side vulnerability families.

Why learn Java

  • Enterprise backends and Android apps are Java — huge real-world attack surface.
  • Deserialization gadget chains are a Java specialty (and devastating).
  • Reading Java source is core to grey-box web assessments.

Security applications

  • Insecure deserialization and gadget chains
  • JNDI injection (Log4Shell-class bugs)
  • Enterprise web application source review
  • Android application security
  • Spring and servlet attack surface

Planned curriculum

  1. Java syntax and the JVM
  2. Reading enterprise application source
  3. Serialization and deserialization
  4. Gadget chains explained
  5. JNDI and Log4Shell-class injection
  6. Spring framework security
  7. Android app fundamentals
  8. Static analysis of Java code
This path is on the roadmap. The four live courses (Python, JavaScript, Bash, Regex) will teach you most of what carries over.

Related languages

C# Roadmap C++ Roadmap Go Roadmap