Este curso forma parte de Programa especializado: Secure Coding Practices

4.6
estrellas
71 calificaciones
•
19 reseña

Matthew Bishop, PhD

6596 ya inscrito

ofrecido por

Programa especializado: Secure Coding PracticesUniversidad de California, Davis

Acerca de este Curso

10.409 vistas recientes

This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization.  This course uses the focusing technique that asks you to think about:  “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code. 
The techniques you’ll be examining will make your programs perform accurately and be resistant to attempts to perform inaccurately. This is really what the term secure programming means. You will be shown common errors that people make, and then learn how to program more robustly. You will apply tips and best practices to help you improve your programming style and help you to avoid common problems like buffer overflows, which may or may not cause security problems.

Fechas límite flexibles

Restablece las fechas límite en función de tus horarios.

Certificado para compartir

Obtén un certificado al finalizar

100 % en línea

Comienza de inmediato y aprende a tu propio ritmo.

Curso 3 de 4 en

Programa especializado: Secure Coding Practices

Nivel intermedio

Aprox. 23 horas para completar

Inglés (English)

Subtítulos: Francés (French), Portugués (europeo), Ruso (Russian), Inglés (English), Español (Spanish)

Qué aprenderás

Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.

Habilidades que obtendrás

Identifying vulernabilities
C/C++ Programming

Fechas límite flexibles

Restablece las fechas límite en función de tus horarios.

Certificado para compartir

Obtén un certificado al finalizar

100 % en línea

Comienza de inmediato y aprende a tu propio ritmo.

Curso 3 de 4 en

Programa especializado: Secure Coding Practices

Nivel intermedio

Aprox. 23 horas para completar

Inglés (English)

Subtítulos: Francés (French), Portugués (europeo), Ruso (Russian), Inglés (English), Español (Spanish)

Instructor

Calificación del instructor

4,77/5 (10 calificaciones)

Matthew Bishop, PhD

Professor

Department of Computer Science

16.046 alumnos

2 cursos

ofrecido por

Universidad de California, Davis

UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact.

Programa - Qué aprenderás en este curso

Semana

Semana 1

7 horas para completar

Users, Privileges, and Environment Variables

In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.

7 horas para completar

17 videos (Total 107 minutos), 4 lecturas, 2 cuestionarios

17 videos

Course Introduction2m

Module 1 Introduction2m

Users and Privileges Overview7m

Identifying Users and Changing Privileges7m

Spawning Subprocesses8m

Identifying Users Incorrectly1m

Establishing Users and Setting UIDs8m

Establishing Groups and GIDs3m

Establishing Privileges for Users and Groups11m

How Root Privileges Work3m

Lesson 1 Summary1m

Environment Variables Overview2m

Programming Explicitly4m

Addressing Various Attacks16m

Dynamic Loading and Associated Attacks16m

Programming Implicitly3m

The Moral of the Story5m

4 lecturas

A Note From UC Davis10m

Who Are You? - What is Going On?10m

Resetting the PATH - What is Going On?10m

Multiple PATH Environment Variables - What's Going On?5m

2 ejercicios de práctica

Module 1 Practice Quiz30m

Module 1 Quiz30m

Semana

Semana 2

6 horas para completar

Validation and Verification, Buffer and Numeric Overflows, and Input Injections

In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.

6 horas para completar

17 videos (Total 162 minutos), 2 lecturas, 2 cuestionarios

17 videos

Module 2 Introduction2m

Validation and Verification Overview8m

Metacharacters11m

The Heartbleed Bug and Other Exploits21m

Inputs15m

Fixes6m

Lesson 3 Summary1m

Buffer Overflows Overview2m

Buffer Overflow Examples18m

Selective Buffer Overflow and Utilizing Canaries17m

Numeric Overflows Overview7m

Numeric Overflow Examples8m

Lesson 4 Summary2m

Input Injections Overview1m

Cross-Site Scripting Attacks18m

SQL Injections10m

Lesson 5 Summary5m

2 lecturas

Path Names - What's Going On?10m

Numeric and Buffer Overflows - What's Going On?10m

2 ejercicios de práctica

Module 2 Practice Quiz15m

Module 2 Quiz30m

Semana

Semana 3

3 horas para completar

Files, Subprocesses, and Race Conditions

In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.

3 horas para completar

13 videos (Total 80 minutos), 1 lectura, 2 cuestionarios

13 videos

Module 3 Introduction2m

Files and Subprocesses Overview52s

Creating a Child Process5m

Subprocess Environment10m

Files and Subprocesses Design Tips5m

Lesson 6 Summary2m

Race Conditions Overview8m

A Classic Race Condition Example9m

Time of Check to Time of Use12m

Programming Condition5m

Environmental Condition7m

Race Conditions6m

Linux Locks and FreeBSD System Calls4m

1 lectura

The Environmental Condition - What's Going On?10m

2 ejercicios de práctica

Module 3 Practice Quiz15m

Module 3 Quiz30m

Semana

Semana 4

7 horas para completar

Randomness, Cryptography, and Other Topics

In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.

7 horas para completar

19 videos (Total 97 minutos), 4 lecturas, 2 cuestionarios

19 videos

Module 4 Introduction2m

Randomness and Cryptography Overview2m

Pseudorandom vs. Random6m

Producing Random Numbers4m

Sowing Seeds12m

Cryptography Basics3m

Using Cryptography for Secrecy and Integrity8m

Some Cryptography Examples9m

Lesson 8 Summary1m

Handling Sensitive Information and Errors and Formatting Strings Overview1m

All About Passwords7m

Adding a Pinch of Salt4m

Managing Sensitive Data4m

Practice a Secure Function8m

Error Handling Part 14m

Error Handling Part 26m

Format Strings5m

Lesson 9 Summary2m

Course Summary52s

4 lecturas

(Pseudo) Random Numbers - What's Going On?10m

Hashing and Cracking Passwords - What's Going On?10m

A Safe system() Function - What's Going On?10m

Converting Strings to Integers - What's Going On?10m

2 ejercicios de práctica

Module 4 Practice Quiz15m

Module 4 Quiz30m

Reseñas

4.6

19 reseña

5 stars
74,64 %
4 stars
14,08 %
3 stars
9,85 %
1 star
1,40 %

Principales reseñas sobre IDENTIFYING SECURITY VULNERABILITIES IN C/C++PROGRAMMING

por BB22 de feb. de 2021

I liked the course and the instructor is really nice. It could use more code. This course has very minimal code.

por HH30 de may. de 2020

Thoroughly enjoyed the course. learned a lot. thank you.

por RK12 de may. de 2020

Practical demos could have added more fun to this course.

por VP30 de nov. de 2020

More code and Example would be good in this code, Example code for Discussion would be good for ideal reference

Ver todas las reseñas

Acerca de Programa especializado: Secure Coding Practices

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.

Preguntas Frecuentes

¿Cuándo podré acceder a las lecciones y tareas?
El acceso a las clases y las asignaciones depende del tipo de inscripción que tengas. Si tomas un curso en modo de oyente, verás la mayoría de los materiales del curso en forma gratuita. Para acceder a asignaciones calificadas y obtener un certificado, deberás comprar la experiencia de Certificado, ya sea durante o después de participar como oyente. Si no ves la opción de oyente:
es posible que el curso no ofrezca la opción de participar como oyente. En cambio, puedes intentar con una Prueba gratis o postularte para recibir ayuda económica.
Es posible que el curso ofrezca la opción 'Curso completo, sin certificado'. Esta opción te permite ver todos los materiales del curso, enviar las evaluaciones requeridas y obtener una calificación final. También significa que no podrás comprar una experiencia de Certificado.
¿Qué recibiré si me suscribo a este Programa especializado?
Cuando te inscribes en un curso, obtienes acceso a todos los cursos que forman parte del Programa especializado y te darán un Certificado cuando completes el trabajo. Se añadirá tu Certificado electrónico a la página Logros. Desde allí, puedes imprimir tu Certificado o añadirlo a tu perfil de LinkedIn. Si solo quieres leer y visualizar el contenido del curso, puedes auditar el curso sin costo.
¿Hay ayuda económica disponible?
Sí. En ciertos programas de aprendizaje, puedes postularte para recibir ayuda económica o una beca en caso de no poder costear los gastos de la tarifa de inscripción. Si hay ayuda económica o becas disponibles para tu selección de programa de aprendizaje, verás un enlace para postularte en la página de descripción.

¿Tienes más preguntas? Visita el Centro de Ayuda al Alumno.

Identifying Security Vulnerabilities in C/C++Programming