

UC Davis - Identifying Security Vulnerabilities
- Offered by Coursera
- Public/Government Institute
Identifying Security Vulnerabilities at Coursera Overview
Duration | 13 hours |
Total fee | Free |
Mode of learning | Online |
Difficulty level | Intermediate |
Official Website | Explore Free Course |
Credential | Certificate |
Identifying Security Vulnerabilities at Coursera Highlights
- Shareable Certificate Earn a Certificate upon completion
- 100% online Start instantly and learn at your own schedule.
- Course 2 of 4 in the Secure Coding Practices Specialization
- Flexible deadlines Reset deadlines in accordance with your schedule.
- Intermediate Level 1-2 years of experience with some form of computer programming language like C/C++ or Java.
- Approx. 13 hours to complete
- English Subtitles: Arabic, French, Portuguese (European), Italian, Vietnamese, German, Russian, English, Spanish
Identifying Security Vulnerabilities at Coursera Course details
- This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography, and you'll be able to start to create threat models and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling of user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection.
- We'll also cover application authentication and session management, where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests needs to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customer's data. We'll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We'll participate in a coding assignment that will help you to better understand the mechanisms for effectively storing password-related information.
- Along the way, we'll discuss ways of watching out for and mitigating these issues and be able to have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.
Identifying Security Vulnerabilities at Coursera Curriculum
Foundational Topics in Secure Programming
Course Introduction
Module 1 Introduction
Fundamental Concepts in Security
The STRIDE Method Via Example
STRIDE Threats In More Detail Via Example
Trust Boundaries
Cryptography Basics Introduction
Cryptography Basics: Block Ciphers
Cryptography Basics: Symmetric and Asymmetric Cryptography
Cryptography Basics: Hash Functions
Cryptography Basics: Application to Threat Models
Lab: Threat Model Activity
OWASP Top 10 Proactive Controls and Exploits - Part 1
OWASP Top 10 Proactive Controls and Exploits - Part 2
A Note From UC Davis
Welcome to Peer Review Assignments!
Reading and Resource
Module 1 Quiz
Injection Problems
Module 2 Introduction
General Concepts: Injection Problems
SQL Injection Problems
Mitigating SQL Injection Using Prepared Statements
Mitigating SQL Injection Using Stored Procedures
Mitigating SQL Injection Using Whitelisting
Injection Problems in Real Life
Solution Screencast for Lab: Exploit Using WebGoat's SQLi Example
Cross-Site Scripting Introduction
HTTP and Document Isolation
DOM, Dynamically Generating Pages, and Cross-Site Scripting
The 3-Kinds of Cross-Site Scripting Vulnerabilities
Comparing and Contrasting Cross-Site Scripting Vulnerabilities
OWASP Prescribed Cross-site Scripting Prevention Rules - Part 1
OWASP Prescribed Cross-site Scripting Prevention Rules - Part 2
Command Injection Problems
OWASP Proactive Controls Related to Injections
Resources
Module 2 Quiz
Problems Arising From Broken Authentication
Module 3 Introduction
Overview of HTTP Protocol
Introduction to Authentication
Handling Error Messages During Authentication
Introduction to Session Management
Enforcing Access Control with Session Management
Session Management Threat: Bruteforce Session IDs
Session Management Threat: Session Fixation Vulnerabilities
Logging and Monitoring
Solution for Lab #3: WebGoat's Session Management Vulnerability
OWASP Proactive Controls Related to Session Management and Authentication
Resources
Module 3 Quiz
Sensitive Data Exposure Problems
Module 4 Introduction
Introduction to Sensitive Data Exposure Problems
Issue 1: Using PII to Compose Session IDs
Issue 2: Not Encrypting Sensitive Information
Issue 3: Improperly Storing Passwords
Slowing Down Password Bruteforce Attacks
Issue 4: Using HTTP for Sensitive Client-server
OWASP Proactive Controls Related to Sensitive Data Exposure
Course Summary
Resources
Module 4 Quiz