Este curso forma parte de Programa especializado: Secure Coding Practices

4.7
estrellas
155 calificaciones

Sandra Escandor-O'Keefe

10.909 ya inscrito

Ofrecido Por

Programa especializado: Secure Coding PracticesUniversidad de California, Davis

Acerca de este Curso

17.596 vistas recientes

This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. 
We'll also cover application authentication and session management where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests need to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customer's data. We'll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We'll participate in coding assignment that will help you to better understand the mechanisms for effectively storing password-related information.

Along the way, we’ll discuss ways of watching out for and mitigating these issues and be able have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.

Fechas límite flexibles

Restablece las fechas límite en función de tus horarios.

Certificado para compartir

Obtén un certificado al finalizar

100 % en línea

Comienza de inmediato y aprende a tu propio ritmo.

Curso 2 de 4 en

Programa especializado: Secure Coding Practices

Nivel intermedio

1-2 years of experience with some form of computer programming language like C/C++ or Java.

Aprox. 13 horas para completar

Inglés (English)

¿Podría tu empresa beneficiarse de la capacitación de los empleados en las habilidades más demandadas?

Prueba Coursera para negocios

Habilidades que obtendrás

Cryptography
Authentication Methods
secure programming

Fechas límite flexibles

Restablece las fechas límite en función de tus horarios.

Certificado para compartir

Obtén un certificado al finalizar

100 % en línea

Comienza de inmediato y aprende a tu propio ritmo.

Curso 2 de 4 en

Programa especializado: Secure Coding Practices

Nivel intermedio

1-2 years of experience with some form of computer programming language like C/C++ or Java.

Aprox. 13 horas para completar

Inglés (English)

¿Podría tu empresa beneficiarse de la capacitación de los empleados en las habilidades más demandadas?

Prueba Coursera para negocios

Instructor

Calificación del instructor

4,66/5 (37 calificaciones)

Sandra Escandor-O'Keefe

Offensive Security Engineer at Fastly

Continuing and Professional Education

10.909 alumnos

1 curso

Ofrecido por

Universidad de California, Davis

Mira cómo los empleados de las mejores empresas dominan las habilidades más demandadas

Obtén más información sobre Coursera para Empresas

Programa - Qué aprenderás en este curso

Semana

Semana 1

4 horas para completar

Foundational Topics in Secure Programming

In this module, you will gain exposure to the ideas of threat modeling and applied cryptography. By the end of the module, you will be able to start to create threat models, and think critically about the threat models created by other people. You will be able to apply the STRIDE Method to your threat model and distinguish the trust boundaries in a given system. You will also gain a basic understanding of applied cryptography, such as encryption and secure hashing.

4 horas para completar

14 videos (Total 83 minutos), 3 lecturas, 2 cuestionarios

14 videos

Course Introduction3m

Module 1 Introduction1m

Fundamental Concepts in Security8m

The STRIDE Method Via Example9m

STRIDE Threats In More Detail Via Example4m

Trust Boundaries2m

Cryptography Basics Introduction3m

Cryptography Basics: Block Ciphers9m

Cryptography Basics: Symmetric and Asymmetric Cryptography5m

Cryptography Basics: Hash Functions9m

Cryptography Basics: Application to Threat Models4m

Lab: Threat Model Activity3m

OWASP Top 10 Proactive Controls and Exploits - Part 16m

OWASP Top 10 Proactive Controls and Exploits - Part 29m

3 lecturas

A Note From UC Davis10m

Welcome to Peer Review Assignments!10m

Reading and Resource20m

1 ejercicio de práctica

Module 1 Quiz30m

Semana

Semana 2

3 horas para completar

Injection Problems

By the end of this module, you will have a fundamental understanding of injection problems in web applications. You'll be able to discuss and describe the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. In order to drive home these concepts, you will be able to work on exploiting a SQL injection vulnerability in the WebGoat application. You'll be able to formulate plans to mitigate injection problems in your applications.

3 horas para completar

17 videos (Total 87 minutos), 1 lectura, 1 cuestionario

17 videos

Module 2 Introduction1m

General Concepts: Injection Problems4m

SQL Injection Problems8m

Mitigating SQL Injection Using Prepared Statements3m

Mitigating SQL Injection Using Stored Procedures3m

Mitigating SQL Injection Using Whitelisting2m

Injection Problems in Real Life5m

Solution Screencast for Lab: Exploit Using WebGoat's SQLi Example7m

Cross-Site Scripting Introduction3m

HTTP and Document Isolation8m

DOM, Dynamically Generating Pages, and Cross-Site Scripting7m

The 3-Kinds of Cross-Site Scripting Vulnerabilities6m

Comparing and Contrasting Cross-Site Scripting Vulnerabilities3m

OWASP Prescribed Cross-site Scripting Prevention Rules - Part 16m

OWASP Prescribed Cross-site Scripting Prevention Rules - Part 26m

Command Injection Problems3m

OWASP Proactive Controls Related to Injections4m

1 lectura

Resources20m

1 ejercicio de práctica

Module 2 Quiz30m

Semana

Semana 3

4 horas para completar

Problems Arising From Broken Authentication

By the end of this module, you will be able to evaluate a system to determine if it follows the generally prescribed secure methods for authentication and session management in web applications. You'll be able to distinguish the relationship between authentication, session management, and access control. You will also be able to exploit WebGoat's authentication and session management vulnerability. As well as be able to evaluate a system to determine if it performs sufficient security logging such that non-repudiation is enforced. This will help drive the concepts that you will learn in this module.

4 horas para completar

11 videos (Total 71 minutos), 1 lectura, 1 cuestionario

11 videos

Module 3 Introduction1m

Overview of HTTP Protocol7m

Introduction to Authentication10m

Handling Error Messages During Authentication4m

Introduction to Session Management7m

Enforcing Access Control with Session Management7m

Session Management Threat: Bruteforce Session IDs10m

Session Management Theat: Session Fixation Vulnerabilities3m

Logging and Monitoring3m

Solution for Lab #3: WebGoat’s Session Management Vulnerability9m

OWASP Proactive Controls Related to Session Management and Authentication6m

1 lectura

Resources20m

1 ejercicio de práctica

Module 3 Quiz30m

Semana

Semana 4

3 horas para completar

Sensitive Data Exposure Problems

3 horas para completar

9 videos (Total 36 minutos), 1 lectura, 2 cuestionarios

9 videos

Module 4 Introduction2m

Introduction to Sensitive Data Exposure Problems5m

Issue 1: Using PII to Compose Session IDs3m

Issue 2: Not Encrypting Sensitive Information2m

Issue 3: Improperly Storing Passwords5m

Slowing Down Password Bruteforce Attacks7m

Issue 4: Using HTTP for Sensitive Client-server4m

OWASP Proactive Controls Related to Sensitive Data Exposure3m

Course Summary1m

1 lectura

Resources20m

1 ejercicio de práctica

Module 4 Quiz30m

Reseñas

4.7

45 reseña

5 stars
73,71 %
4 stars
20,51 %
3 stars
4,48 %
1 star
1,28 %

Principales reseñas sobre IDENTIFYING SECURITY VULNERABILITIES

por E28 de jul. de 2020

I really enjoyed the course just somethings need to be reviewed again so that it could be up to date

por JG18 de nov. de 2020

Very informative & exhaustive coverage. Kudos to the tutor and thank you !!

por NS5 de jul. de 2020

Thank you ma'am it was a great learning with you. I learned so many new things.

por JY6 de sep. de 2021

It's a good course for who is looking to learn about secure code

Ver todas las reseñas

Acerca de Programa especializado: Secure Coding Practices

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.

Preguntas Frecuentes

¿Cuándo podré acceder a las lecciones y tareas?
El acceso a las clases y las asignaciones depende del tipo de inscripción que tengas. Si tomas un curso en modo de oyente, verás la mayoría de los materiales del curso en forma gratuita. Para acceder a asignaciones calificadas y obtener un certificado, deberás comprar la experiencia de Certificado, ya sea durante o después de participar como oyente. Si no ves la opción de oyente:
es posible que el curso no ofrezca la opción de participar como oyente. En cambio, puedes intentar con una Prueba gratis o postularte para recibir ayuda económica.
Es posible que el curso ofrezca la opción 'Curso completo, sin certificado'. Esta opción te permite ver todos los materiales del curso, enviar las evaluaciones requeridas y obtener una calificación final. También significa que no podrás comprar una experiencia de Certificado.
¿Qué recibiré si me suscribo a este Programa especializado?
Cuando te inscribes en un curso, obtienes acceso a todos los cursos que forman parte del Programa especializado y te darán un Certificado cuando completes el trabajo. Se añadirá tu Certificado electrónico a la página Logros. Desde allí, puedes imprimir tu Certificado o añadirlo a tu perfil de LinkedIn. Si solo quieres leer y visualizar el contenido del curso, puedes auditar el curso sin costo.
¿Hay ayuda económica disponible?
Sí. En ciertos programas de aprendizaje, puedes postularte para recibir ayuda económica o una beca en caso de no poder costear los gastos de la tarifa de inscripción. Si hay ayuda económica o becas disponibles para tu selección de programa de aprendizaje, verás un enlace para postularte en la página de descripción.

¿Tienes más preguntas? Visita el Centro de Ayuda al Estudiante.

Desarrolla habilidades para tus empleados e impulsa los resultados de la empresa

Descubre Coursera para Empresas

Identifying Security Vulnerabilities

Acerca de este Curso

Habilidades que obtendrás