hands-on coding · Self-paced + weekly live clinic
Spring Boot Hardening for Regulated APIs
Security filters, actuator lockdown, and audit trails tuned for teams that already ship Boot services.
- Duration: 5 weeks · 54 mentor hours
- Schedule: Flexible
- Level: Advanced
- Price: 14,900 THB (informational)
Spring Boot 3.3 · Gradle · Testcontainers
Description
We rebuild a sample expense API with layered security: resource server tokens, custom AccessDeniedHandler flows, and structured audit events pushed to a mock SIEM. Labs assume a Java 21 toolchain and GitHub Actions runners.
What arrives in your repo
- Spring Security 6 resource server recipes
- Actuator endpoint allowlists per profile
- Structured logging with trace + span IDs
- Bean validation error payloads for mobile clients
- Contract tests with Spring Cloud Contract stubs
- OWASP dependency check wired into Gradle
- Office hour on TH PDPA logging expectations
Outcomes we expect you to evidence
- Ship a hardened Boot service with a documented threat model
- Automate dependency posture reporting
- Draft an operations-ready audit event catalog
Responsible instructor
Krit Prasert
Security reviewer for regional fintech APIs.
FAQ
We issue a completion certificate; it is not a vendor credential.
Yes — weekly digest emails summarize submitted labs only, no grades.
We do not cover Kubernetes network policies; bring your platform team for that layer.
Experience notes
“Spring Boot Hardening week three actuator lab caught three overexposed endpoints we had marked "temporary" since 2022.”
“SIEM mock felt toy-like but the JSON schema matched what our SOC asked for — worth the Saturday clinics.”