In this MOOC, you will learn how to hack web apps with command injection vulnerabilities in a web site of your AWS Linux instance. You will learn how to search valuable information on a typical Linux systems with LAMP services, and deposit and hide Trojans for future exploitation. You will learn how to patch these web apps with input validation using regular expression. You will learn a security design pattern to avoid introducing injection vulnerabilities by input validation and replacing generic system calls with specific function calls. You will learn how to hack web apps with SQL injection vulnerabilities and retrieve user profile information and passwords. You will learn how to patch them with input validation and SQL parameter binding. You will learn the hacking methodology, Nessus tool for scanning vulnerabilities, Kali Linux for penetration testing, and Metasploit Framework for gaining access to vulnerable Windows Systems, deploying keylogger, and perform Remote VNC server injection. You will learn security in memory systems and virtual memory layout, and understand buffer overflow attacks and their defenses. You will learn how to clone a Kali instance with AWS P2 GPU support and perform hashcat password cracking using dictionary attacks and known pattern mask attacks.
Hacking and Patching
This course is part of Fundamentals of Computer Network Security Specialization
Instructor: Edward Chow
61,099 already enrolled
Included with
(269 reviews)
Details to know
Add to your LinkedIn profile
4 assignments
See how employees at top companies are mastering in-demand skills
Build your subject-matter expertise
- Learn new concepts from industry experts
- Gain a foundational understanding of a subject or tool
- Develop job-relevant skills with hands-on projects
- Earn a shareable career certificate
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV
Share it on social media and in your performance review
There are 4 modules in this course
In this module we will learn how to hack web app with command injection vulnerability with only four characters malicious string. We will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query. We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn how to apply security design pattern to defend injection attacks and enhance web security.
What's included
4 videos3 readings1 assignment1 peer review1 discussion prompt
In this module we will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query.We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn the eight-step hacker methodology for exploit systems. For the escalating privilege techniques, we show how to leverage command injection vulnerability to search file systems and deposit/hide Trojans for future exploit.
What's included
6 videos5 readings1 assignment1 peer review
In this module, we learn about the typical protection mechanism provided by the modern OS to prevent process from accessing other pages data belong different process. We will also learn buffer overflow attacks and their common defenses.
What's included
4 videos2 readings1 assignment
In this module we will learn how to perform Vulnerability Scanning with Nessus tool, learn to perform penetration testing using tools included in Kali Linux distribution and to use Metasploit Framework to take control a vulnerable machine, deploy keylogger, run remote shell and remote VNC injection. We will also learn how to clone an AWS P2.xlarge GPU instance from a Ubuntu image with hashcat software to crack passwords.
What's included
6 videos3 readings1 assignment1 peer review
Instructor
Offered by
Recommended if you're interested in Computer Security and Networks
University of Colorado System
Pontificia Universidad Católica de Chile
University of Colorado System
Why people choose Coursera for their career
Learner reviews
Showing 3 of 269
269 reviews
- 5 stars
60.22%
- 4 stars
14.12%
- 3 stars
5.20%
- 2 stars
3.71%
- 1 star
16.72%
New to Computer Security and Networks? Start here.
Open new doors with Coursera Plus
Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription
Advance your career with an online degree
Earn a degree from world-class universities - 100% online
Join over 3,400 global companies that choose Coursera for Business
Upskill your employees to excel in the digital economy
Frequently asked questions
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
If you subscribed, you get a 7-day free trial during which you can cancel at no penalty. After that, we don’t give refunds, but you can cancel your subscription at any time. See our full refund policy.