About this Course
1,940 recent views

100% online

Start right away and learn at your own pace.

Flexible deadlines

Reset deadlines to fit your schedule.

Intermediate level

Approx. 12 hours to complete

Suggested: 4 weeks of study, 2-5 hours/week...

English

Subtitles: English

What you will learn

  • Practice protecting against various kinds of cross-site scripting (XSS) attacks.

  • Form plans to mitigate injection vulnerabilities in your web application.

  • Create strategies and controls to provide secure authentication.

  • Examine code to find and patch vulnerable components.

Skills you will gain

Java, secure programming, Java Programming, security


Syllabus - What you will learn in this course

Week 1
7 hours to complete

Setup and Introduction to Cross Site Scripting Attacks

14 videos (Total 89 minutes), 3 readings, 2 quizzes

14 videos
  • Tips and Tricks to Use Git for Course and Project (8m)
  • How to Import WebGoat into IDE (7m)
  • How to Run WebGoat in a Docker Container (5m)
  • Injection Attacks: What They Are and How They Affect Us (9m)
  • Cross-site Scripting (XSS), Part 1 (10m)
  • Protecting Against Cross-site Scripting (XSS), Part 2 (9m)
  • Patching Reflected Cross-site Scripting (XSS), Part 3 (6m)
  • Stored Cross-site Scripting (XSS) (14m)
  • Dangers of Cross-site Scripting (XSS) Attacks (4m)
  • A Note About Finding Lessons on WebGoat (32s)
  • Introduction to Labs (Peer Reviewed) (2m)

3 readings
  • A Note From UC Davis (10m)
  • OWASP Cross Site Scripting Prevention Cheat Sheet (1h)
  • Note About Peer Review Assignments (10m)

1 practice exercise
  • Module 1 Quiz (30m)

Week 2
7 hours to complete

Injection Attacks

10 videos (Total 80 minutes), 2 readings, 2 quizzes

10 videos
  • Solution to SQL Injection Attacks (SQLi) (7m)
  • SQL Injection Attacks: Evaluation of Code (13m)
  • XML External Entity (XXE) Attacks (8m)
  • Demo of an XML External Entity (XXE) Attack to Gain Remote Code Execution (RCE) (5m)
  • Evaluation of Code - XXE through a REST Framework (8m)
  • Solution: Evaluation of Code - XXE through a REST Framework (8m)
  • Patching the XXE Vulnerability (9m)

2 readings
  • OWASP SQL Injection Prevention Cheat Sheet (45m)
  • OWASP XML External Entity Prevention Cheat Sheet (45m)

1 practice exercise
  • Module 2 Quiz (30m)

Week 3
6 hours to complete

Authentication and Authorization

12 videos (Total 57 minutes), 2 readings, 2 quizzes

12 videos
  • Tips and Tricks for Burp Suite: Use Proxy to Intercept Traffic (4m)
  • Solution to Authentication Bypass: Evaluation of Code (7m)
  • Finding Vulnerabilities and Logical Flaws in Source Code (10m)
  • Introduction to JSON Web Tokens (JWT) and Authentication Bypass (49s)
  • Authentication Flaw JSON Web Tokens (JWT) (7m)
  • Solution Demo: Exploiting JSON Web Tokens (JWT) (8m)
  • Evaluating Code to Find the JSON Web Tokens (JWT) Flaw (4m)
  • Hint Video: (JWT) Patching the Vulnerable Code in WebGoat (47s)
  • Solution to Patch JWT Flaw (6m)

2 readings
  • OWASP Transaction Authorization Cheat Sheet (1h)
  • A Beginner's Guide to JWTs in Java (45m)

1 practice exercise
  • Module 3 Quiz (30m)

Week 4
4 hours to complete

Dangers of Vulnerable Components and Final Project

5 videos (Total 26 minutes), 3 readings, 2 quizzes

3 readings
  • Article: How Hackers Broke Equifax: Exploiting a Patchable Vulnerabil (10m)
  • Article: Exploiting OGNL Injection in Apache Struts (30m)
  • Note About Peer Review Assignments (10m)

1 practice exercise
  • Module 4 Practice Quiz (5m)

Instructor

Joubin Jabbari

Software Security Architect, Financial Industry
Continuing and Professional Education

About University of California, Davis

UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact....

About the Secure Coding Practices Specialization

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques. Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organization's information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing....

Frequently Asked Questions

  • Once you enroll for a Certificate, you will have access to all videos, quizzes, and programming assignments (if applicable). Peer-reviewed assignments can only be submitted and reviewed once your session has begun. If you choose to explore the course without purchasing it, you may not be able to access certain assignments.

  • When you enroll in a course, you get access to all of the courses in the Specialization, and you earn a Certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page. From there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.

More questions? Visit the Learner Help Center.