本課程是 Secure Coding Practices 專項課程專項課程的一部分

4.6
星
154 個評分

Sandra Escandor-O'Keefe

10,562 人已註冊

提供方

Secure Coding Practices 專項課程加州大学戴维斯分校

課程信息

26,046 次近期查看

This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. 
We'll also cover application authentication and session management where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests need to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customer's data. We'll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We'll participate in coding assignment that will help you to better understand the mechanisms for effectively storing password-related information.

Along the way, we’ll discuss ways of watching out for and mitigating these issues and be able have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.

可靈活調整截止日期

根據您的日程表重置截止日期。

可分享的證書

完成後獲得證書

100% 在線

立即開始，按照自己的計劃學習。

第 2 門課程（共 4 門）

Secure Coding Practices 專項課程

中級

1-2 years of experience with some form of computer programming language like C/C++ or Java.

完成時間大約為13 小時

英語（English）

對員工進行熱門技能培訓能否為您的公司帶來益處？

體驗 Coursera 企業版

您將獲得的技能

Cryptography
Authentication Methods
secure programming

可靈活調整截止日期

根據您的日程表重置截止日期。

可分享的證書

完成後獲得證書

100% 在線

立即開始，按照自己的計劃學習。

第 2 門課程（共 4 門）

Secure Coding Practices 專項課程

中級

1-2 years of experience with some form of computer programming language like C/C++ or Java.

完成時間大約為13 小時

英語（English）

對員工進行熱門技能培訓能否為您的公司帶來益處？

體驗 Coursera 企業版

授課教師

授課教師評分

4.65/5 （36 個評分）

Sandra Escandor-O'Keefe

Offensive Security Engineer at Fastly

Continuing and Professional Education

10,562 個學生

1 門課程

提供方

加州大学戴维斯分校

了解頂級公司的員工如何掌握熱門技能

了解關於 Coursera for Business 的更多信息

授課大綱 - 您將從這門課程中學到什麼

週

週 1

完成時間為 4 小時

Foundational Topics in Secure Programming

In this module, you will gain exposure to the ideas of threat modeling and applied cryptography. By the end of the module, you will be able to start to create threat models, and think critically about the threat models created by other people. You will be able to apply the STRIDE Method to your threat model and distinguish the trust boundaries in a given system. You will also gain a basic understanding of applied cryptography, such as encryption and secure hashing.

完成時間為 4 小時

14 個視頻（總計 83 分鐘）, 3 個閱讀材料, 2 個測驗

14 個視頻

Course Introduction3分鐘

Module 1 Introduction1分鐘

Fundamental Concepts in Security8分鐘

The STRIDE Method Via Example9分鐘

STRIDE Threats In More Detail Via Example4分鐘

Trust Boundaries2分鐘

Cryptography Basics Introduction3分鐘

Cryptography Basics: Block Ciphers9分鐘

Cryptography Basics: Symmetric and Asymmetric Cryptography5分鐘

Cryptography Basics: Hash Functions9分鐘

Cryptography Basics: Application to Threat Models4分鐘

Lab: Threat Model Activity3分鐘

OWASP Top 10 Proactive Controls and Exploits - Part 16分鐘

OWASP Top 10 Proactive Controls and Exploits - Part 29分鐘

3 個閱讀材料

A Note From UC Davis10分鐘

Welcome to Peer Review Assignments!10分鐘

Reading and Resource20分鐘

1 個練習

Module 1 Quiz30分鐘

週

週 2

完成時間為 3 小時

Injection Problems

By the end of this module, you will have a fundamental understanding of injection problems in web applications. You'll be able to discuss and describe the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. In order to drive home these concepts, you will be able to work on exploiting a SQL injection vulnerability in the WebGoat application. You'll be able to formulate plans to mitigate injection problems in your applications.

完成時間為 3 小時

17 個視頻（總計 87 分鐘）, 1 個閱讀材料, 1 個測驗

17 個視頻

Module 2 Introduction1分鐘

General Concepts: Injection Problems4分鐘

SQL Injection Problems8分鐘

Mitigating SQL Injection Using Prepared Statements3分鐘

Mitigating SQL Injection Using Stored Procedures3分鐘

Mitigating SQL Injection Using Whitelisting2分鐘

Injection Problems in Real Life5分鐘

Solution Screencast for Lab: Exploit Using WebGoat's SQLi Example7分鐘

Cross-Site Scripting Introduction3分鐘

HTTP and Document Isolation8分鐘

DOM, Dynamically Generating Pages, and Cross-Site Scripting7分鐘

The 3-Kinds of Cross-Site Scripting Vulnerabilities6分鐘

Comparing and Contrasting Cross-Site Scripting Vulnerabilities3分鐘

OWASP Prescribed Cross-site Scripting Prevention Rules - Part 16分鐘

OWASP Prescribed Cross-site Scripting Prevention Rules - Part 26分鐘

Command Injection Problems3分鐘

OWASP Proactive Controls Related to Injections4分鐘

1 個閱讀材料

Resources20分鐘

1 個練習

Module 2 Quiz30分鐘

週

週 3

完成時間為 4 小時

Problems Arising From Broken Authentication

By the end of this module, you will be able to evaluate a system to determine if it follows the generally prescribed secure methods for authentication and session management in web applications. You'll be able to distinguish the relationship between authentication, session management, and access control. You will also be able to exploit WebGoat's authentication and session management vulnerability. As well as be able to evaluate a system to determine if it performs sufficient security logging such that non-repudiation is enforced. This will help drive the concepts that you will learn in this module.

完成時間為 4 小時

11 個視頻（總計 71 分鐘）, 1 個閱讀材料, 1 個測驗

11 個視頻

Module 3 Introduction1分鐘

Overview of HTTP Protocol7分鐘

Introduction to Authentication10分鐘

Handling Error Messages During Authentication4分鐘

Introduction to Session Management7分鐘

Enforcing Access Control with Session Management7分鐘

Session Management Threat: Bruteforce Session IDs10分鐘

Session Management Theat: Session Fixation Vulnerabilities3分鐘

Logging and Monitoring3分鐘

Solution for Lab #3: WebGoat’s Session Management Vulnerability9分鐘

OWASP Proactive Controls Related to Session Management and Authentication6分鐘

1 個閱讀材料

Resources20分鐘

1 個練習

Module 3 Quiz30分鐘

週

週 4

完成時間為 3 小時

Sensitive Data Exposure Problems

完成時間為 3 小時

9 個視頻（總計 36 分鐘）, 1 個閱讀材料, 2 個測驗

9 個視頻

Module 4 Introduction2分鐘

Introduction to Sensitive Data Exposure Problems5分鐘

Issue 1: Using PII to Compose Session IDs3分鐘

Issue 2: Not Encrypting Sensitive Information2分鐘

Issue 3: Improperly Storing Passwords5分鐘

Slowing Down Password Bruteforce Attacks7分鐘

Issue 4: Using HTTP for Sensitive Client-server4分鐘

OWASP Proactive Controls Related to Sensitive Data Exposure3分鐘

Course Summary1分鐘

1 個閱讀材料

Resources20分鐘

1 個練習

Module 4 Quiz30分鐘

審閱

4.6

45 條評論

5 stars
73.54%
4 stars
20.64%
3 stars
4.51%
1 star
1.29%

來自IDENTIFYING SECURITY VULNERABILITIES的熱門評論

由 MM 提供2020年7月24日

Coursera site is very use full for learning,knowledge sharing, quality checking and improve skills

由 JG 提供2020年11月18日

Very informative & exhaustive coverage. Kudos to the tutor and thank you !!

由 JY 提供2021年9月6日

It's a good course for who is looking to learn about secure code

由 SR 提供2020年6月17日

Perfect Course learn about mitigating vulnerabilities!

查看所有評論

關於 Secure Coding Practices 專項課程

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.

常見問題

我什么时候能够访问课程视频和作业？
讲座和作业的访问权限取决于您的注册类型。如果您以旁听模式参加课程，则可以免费查看大多数课程资料。要访问评分作业并获得证书，您需要在旁听期间或之后购买证书体验。如果看不到旁听选项：
课程可能不提供旁听选项。您可以尝试免费试用，也可以申请助学金。
课程可能会改为提供'完整课程，没有证书'。通过此选项，您可以查看所有课程材料、提交所要求的作业，以及获得最终成绩。这也意味着您将无法购买证书体验。
我订阅此专项课程后会得到什么？
您注册课程后，将有权访问专项课程中的所有课程，并且会在完成课程后获得证书。您的电子课程证书将添加到您的成就页中，您可以通过该页打印您的课程证书或将其添加到您的领英档案中。如果您只想阅读和查看课程内容，可以免费旁听课程。
有助学金吗？
是的。如果您负担不起学习计划的注册费，则可以在选择学习计划时申请助学金或奖学金。如果您选择的学习计划提供助学金或奖学金，则您将在描述页面上看到一个申请链接。

還有其他問題嗎？請訪問學生幫助中心。

培養員工技能，推動業務成果

探索 Coursera for Business

Identifying Security Vulnerabilities

課程信息

您將獲得的技能

授課教師

Sandra Escandor-O'Keefe

提供方

加州大学戴维斯分校

授課大綱 - 您將從這門課程中學到什麼

Foundational Topics in Secure Programming

Injection Problems

Problems Arising From Broken Authentication

Sensitive Data Exposure Problems

審閱

來自IDENTIFYING SECURITY VULNERABILITIES的熱門評論

關於 Secure Coding Practices 專項課程

常見問題

開拓職業生涯或促進職業發展

Popular Courses and Certifications

Popular collections and articles

在線獲得學位或證書

Coursera

社區

更多

Identifying Security Vulnerabilities

課程信息

您將獲得的技能

授課教師

Sandra Escandor-O'Keefe

提供方

加州大学戴维斯分校

授課大綱 - 您將從這門課程中學到什麼

Foundational Topics in Secure Programming

Injection Problems

Problems Arising From Broken Authentication

Sensitive Data Exposure Problems

審閱

來自IDENTIFYING SECURITY VULNERABILITIES的熱門評論

關於 Secure Coding Practices 專項課程

常見問題

Coursera Footer

開拓職業生涯或促進職業發展

Popular Courses and Certifications

Popular collections and articles

在線獲得學位或證書

Coursera

社區

更多