This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.
ofrecido por
Programa Especializado - Secure Coding PracticesUniversidad de California, DavisAcerca de este Curso
10,151 vistas recientes
Certificado para compartir
Obtén un certificado al finalizar
100 % en línea
Comienza de inmediato y aprende a tu propio ritmo.
Curso 3 de 4 en
Fechas límite flexibles
Restablece las fechas límite en función de tus horarios.
Nivel intermedio
Aprox. 23 horas para completar
Inglés (English)
Subtítulos: Inglés (English)
Qué aprenderás
Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.
Habilidades que obtendrás
Identifying vulernabilitiesC/C++ Programming
Certificado para compartir
Obtén un certificado al finalizar
100 % en línea
Comienza de inmediato y aprende a tu propio ritmo.
Curso 3 de 4 en
Fechas límite flexibles
Restablece las fechas límite en función de tus horarios.
Nivel intermedio
Aprox. 23 horas para completar
Inglés (English)
Subtítulos: Inglés (English)
ofrecido por
Universidad de California, Davis
UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact.
Programa - Qué aprenderás en este curso
6 horas para completar
Users, Privileges, and Environment Variables
In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.
6 horas para completar
17 videos (Total 107 minutos), 4 lecturas, 2 cuestionarios
17 videos
Module 1 Introduction2m
Users and Privileges Overview7m
Identifying Users and Changing Privileges7m
Spawning Subprocesses8m
Identifying Users Incorrectly1m
Establishing Users and Setting UIDs8m
Establishing Groups and GIDs3m
Establishing Privileges for Users and Groups11m
How Root Privileges Work3m
Lesson 1 Summary1m
Environment Variables Overview2m
Programming Explicitly4m
Addressing Various Attacks16m
Dynamic Loading and Associated Attacks16m
Programming Implicitly3m
The Moral of the Story5m
4 lecturas
A Note From UC Davis10m
Who Are You? - What is Going On?10m
Resetting the PATH - What is Going On?10m
Multiple PATH Environment Variables - What's Going On?5m
2 ejercicios de práctica
Module 1 Practice Quiz30m
Module 1 Quiz30m
6 horas para completar
Validation and Verification, Buffer and Numeric Overflows, and Input Injections
In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.
6 horas para completar
17 videos (Total 162 minutos), 2 lecturas, 2 cuestionarios
17 videos
Validation and Verification Overview8m
Metacharacters11m
The Heartbleed Bug and Other Exploits21m
Inputs15m
Fixes6m
Lesson 3 Summary1m
Buffer Overflows Overview2m
Buffer Overflow Examples18m
Selective Buffer Overflow and Utilizing Canaries17m
Numeric Overflows Overview7m
Numeric Overflow Examples8m
Lesson 4 Summary2m
Input Injections Overview1m
Cross-Site Scripting Attacks18m
SQL Injections10m
Lesson 5 Summary5m
2 lecturas
Path Names - What's Going On?10m
Numeric and Buffer Overflows - What's Going On?10m
2 ejercicios de práctica
Module 2 Practice Quiz15m
Module 2 Quiz30m
3 horas para completar
Files, Subprocesses, and Race Conditions
In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.
3 horas para completar
13 videos (Total 80 minutos), 1 lectura, 2 cuestionarios
13 videos
Files and Subprocesses Overview52s
Creating a Child Process5m
Subprocess Environment10m
Files and Subprocesses Design Tips5m
Lesson 6 Summary2m
Race Conditions Overview8m
A Classic Race Condition Example9m
Time of Check to Time of Use12m
Programming Condition5m
Environmental Condition7m
Race Conditions6m
Linux Locks and FreeBSD System Calls4m
1 lectura
The Environmental Condition - What's Going On?10m
2 ejercicios de práctica
Module 3 Practice Quiz15m
Module 3 Quiz30m
7 horas para completar
Randomness, Cryptography, and Other Topics
In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.
7 horas para completar
19 videos (Total 97 minutos), 4 lecturas, 2 cuestionarios
19 videos
Randomness and Cryptography Overview2m
Pseudorandom vs. Random6m
Producing Random Numbers4m
Sowing Seeds12m
Cryptography Basics3m
Using Cryptography for Secrecy and Integrity8m
Some Cryptography Examples9m
Lesson 8 Summary1m
Handling Sensitive Information and Errors and Formatting Strings Overview1m
All About Passwords7m
Adding a Pinch of Salt4m
Managing Sensitive Data4m
Practice a Secure Function8m
Error Handling Part 14m
Error Handling Part 26m
Format Strings5m
Lesson 9 Summary2m
Course Summary52s
4 lecturas
(Pseudo) Random Numbers - What's Going On?10m
Hashing and Cracking Passwords - What's Going On?10m
A Safe system() Function - What's Going On?10m
Converting Strings to Integers - What's Going On?10m
2 ejercicios de práctica
Module 4 Practice Quiz15m
Module 4 Quiz30m
Reseñas
Principales reseñas sobre IDENTIFYING SECURITY VULNERABILITIES IN C/C++PROGRAMMING
por RK12 de may. de 2020
Practical demos could have added more fun to this course.
por HH30 de may. de 2020
Thoroughly enjoyed the course. learned a lot. thank you.
Acerca de Programa especializado: Secure Coding Practices
This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.
Preguntas Frecuentes
¿Cuándo podré acceder a las lecciones y tareas?
El acceso a las clases y las asignaciones depende del tipo de inscripción que tengas. Si tomas un curso en modo de oyente, verás la mayoría de los materiales del curso en forma gratuita. Para acceder a asignaciones calificadas y obtener un certificado, deberás comprar la experiencia de Certificado, ya sea durante o después de participar como oyente. Si no ves la opción de oyente:
- es posible que el curso no ofrezca la opción de participar como oyente. En cambio, puedes intentar con una Prueba gratis o postularte para recibir ayuda económica.
- Es posible que el curso ofrezca la opción 'Curso completo, sin certificado'. Esta opción te permite ver todos los materiales del curso, enviar las evaluaciones requeridas y obtener una calificación final. También significa que no podrás comprar una experiencia de Certificado.
¿Qué recibiré si me suscribo a este Programa especializado?
Cuando te inscribes en un curso, obtienes acceso a todos los cursos que forman parte del Programa especializado y te darán un Certificado cuando completes el trabajo. Se añadirá tu Certificado electrónico a la página Logros. Desde allí, puedes imprimir tu Certificado o añadirlo a tu perfil de LinkedIn. Si solo quieres leer y visualizar el contenido del curso, puedes auditar el curso sin costo.
Is financial aid available?
Sí, Coursera ofrece ayuda económica a los estudiantes que no pueden pagar la tarifa. Solicítala haciendo clic en el enlace de Ayuda económica que está debajo del botón “Inscribirse” a la izquierda. Se te pedirá que completes una solicitud. Recibirás una notificación en caso de que se apruebe. Deberás completar este paso para cada uno de los cursos que forman parte del Programa especializado, incluido el proyecto final. Obtén más información.
¿Tienes más preguntas? Visita el Centro de Ayuda al Alumno.
