Monthly Subscription Starting at AED 99 + VAT

Identifying Security Vulnerabilities
  • Level Professional
  • المدة 14 ساعات hours
  • الطبع بواسطة University of California, Davis
  • Offered by

عن

This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. We'll also cover application authentication and session management where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests need to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customer's data. We'll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We'll participate in coding assignment that will help you to better understand the mechanisms for effectively storing password-related information. Along the way, we’ll discuss ways of watching out for and mitigating these issues and be able have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.

الوحدات

Getting Started

    • 1 Videos
    • 1 Readings
    • 1 Discussion
Show info about module content

1 Discussions

  • Learning Goals

1 Videos

  • Course Introduction

1 Readings

  • A Note From UC Davis

Foundational Topics in Secure Programming - Part 1

    • 10 Videos
Show info about module content

10 Videos

  • Module 1 Introduction
  • Fundamental Concepts in Security
  • The STRIDE Method Via Example
  • STRIDE Threats In More Detail Via Example
  • Trust Boundaries
  • Cryptography Basics Introduction
  • Cryptography Basics: Block Ciphers
  • Cryptography Basics: Symmetric and Asymmetric Cryptography
  • Cryptography Basics: Hash Functions
  • Cryptography Basics: Application to Threat Models

Threat Model Activity

    • 1 Videos
    • 1 Readings
    • 1 PeerReview
Show info about module content

1 Peer Review

  • Creating a Threat Model

1 Videos

  • Lab: Threat Model Activity

1 Readings

  • Welcome to Peer Review Assignments!

Foundational Topics in Secure Programming - Part 2

    • 2 Videos
    • 1 Discussion
Show info about module content

1 Discussions

  • Lab #1: Setting Up Your System - WebGoat & Burp

2 Videos

  • OWASP Top 10 Proactive Controls and Exploits - Part 1
  • OWASP Top 10 Proactive Controls and Exploits - Part 2

Review and Readings

    • 1 Readings
    • 1 Assignment
Show info about module content

1 Assignment

  • Module 1 Quiz

1 Readings

  • Reading and Resource

Injection Problems

    • 17 Videos
    • 1 Discussion
Show info about module content

1 Discussions

  • Lab #2: How to Exploit WebGoat’s SQL injection Example

17 Videos

  • Module 2 Introduction
  • General Concepts: Injection Problems
  • SQL Injection Problems
  • Mitigating SQL Injection Using Prepared Statements
  • Mitigating SQL Injection Using Stored Procedures
  • Mitigating SQL Injection Using Whitelisting
  • Injection Problems in Real Life
  • Solution Screencast for Lab: Exploit Using WebGoat's SQLi Example
  • Cross-Site Scripting Introduction
  • HTTP and Document Isolation
  • DOM, Dynamically Generating Pages, and Cross-Site Scripting
  • The 3-Kinds of Cross-Site Scripting Vulnerabilities
  • Comparing and Contrasting Cross-Site Scripting Vulnerabilities
  • OWASP Prescribed Cross-site Scripting Prevention Rules - Part 1
  • OWASP Prescribed Cross-site Scripting Prevention Rules - Part 2
  • Command Injection Problems
  • OWASP Proactive Controls Related to Injections

Review and Resources

    • 1 Readings
    • 1 Assignment
Show info about module content

1 Assignment

  • Module 2 Quiz

1 Readings

  • Resources

Problems Arising From Broken Authentication

    • 11 Videos
    • 1 Discussion
Show info about module content

1 Discussions

  • Lab #3: WebGoat's Session Management Vulnerability

11 Videos

  • Module 3 Introduction
  • Overview of HTTP Protocol
  • Introduction to Authentication
  • Handling Error Messages During Authentication
  • Introduction to Session Management
  • Enforcing Access Control with Session Management
  • Session Management Threat: Bruteforce Session IDs
  • Session Management Theat: Session Fixation Vulnerabilities
  • Logging and Monitoring
  • Solution for Lab #3: WebGoat’s Session Management Vulnerability
  • OWASP Proactive Controls Related to Session Management and Authentication

Review and Resources

    • 1 Readings
    • 1 Assignment
Show info about module content

1 Assignment

  • Module 3 Quiz

1 Readings

  • Resources

Sensitive Data Exposure Problems

    • 8 Videos
Show info about module content

8 Videos

  • Module 4 Introduction
  • Introduction to Sensitive Data Exposure Problems
  • Issue 1: Using PII to Compose Session IDs
  • Issue 2: Not Encrypting Sensitive Information
  • Issue 3: Improperly Storing Passwords
  • Slowing Down Password Bruteforce Attacks
  • Issue 4: Using HTTP for Sensitive Client-server
  • OWASP Proactive Controls Related to Sensitive Data Exposure

Storing Passwords Activity

    • 1 PeerReview
Show info about module content

1 Peer Review

  • Storing Passwords Lab Activity

Review and Resources

    • 1 Readings
    • 1 Assignment
Show info about module content

1 Assignment

  • Module 4 Quiz

1 Readings

  • Resources

Course Summary

    • 1 Videos
    • 1 Discussion
Show info about module content

1 Discussions

  • Self-Reflection

1 Videos

  • Course Summary

Auto Summary

"Identifying Security Vulnerabilities" is a comprehensive course offered by Coursera, designed to build a strong foundation in secure programming within the IT & Computer Science domain. Guided by industry experts, this course delves into essential topics such as threat modeling, cryptography, and the identification and mitigation of application vulnerabilities. Learners will explore how attackers exploit weaknesses through improper handling of user data and gain insights into common injection problems like SQL injection, cross-site scripting, and command injection. Additionally, the course covers critical aspects of application authentication, session management, and sensitive data protection, including best practices for securely storing passwords. Participants will engage in hands-on coding assignments and practical exercises, including exploiting vulnerabilities in the intentionally vulnerable web application, WebGoat, to solidify their understanding. With a duration of 840 minutes, this professional-level course is ideal for IT professionals seeking to enhance their skills in securing web applications. Available through Coursera's Starter subscription, this course promises an engaging and practical learning experience for those committed to mastering the art of identifying and mitigating security vulnerabilities.

Sandra Escandor-O'Keefe
Instructor

Sandra Escandor-O'Keefe