Videos
Course: Identifying Security Vulnerabilities
Course Introduction
Module 1 Introduction
Fundamental Concepts in Security
The STRIDE Method Via Example
STRIDE Threats In More Detail Via Example
Trust Boundaries
Cryptography Basics Introduction
Cryptography Basics: Block Ciphers
Cryptography Basics: Symmetric and Asymmetric Cryptography
Cryptography Basics: Hash Functions
Cryptography Basics: Application to Threat Models
Lab: Threat Model Activity
OWASP Top 10 Proactive Controls and Exploits - Part 1
OWASP Top 10 Proactive Controls and Exploits - Part 2
Module 2 Introduction
General Concepts: Injection Problems
SQL Injection Problems
Mitigating SQL Injection Using Prepared Statements
Mitigating SQL Injection Using Stored Procedures
Mitigating SQL Injection Using Whitelisting
Injection Problems in Real Life
Solution Screencast for Lab: Exploit Using WebGoat's SQLi Example
Cross-Site Scripting Introduction
HTTP and Document Isolation
DOM, Dynamically Generating Pages, and Cross-Site Scripting
The 3-Kinds of Cross-Site Scripting Vulnerabilities
Comparing and Contrasting Cross-Site Scripting Vulnerabilities
OWASP Prescribed Cross-site Scripting Prevention Rules - Part 1
OWASP Prescribed Cross-site Scripting Prevention Rules - Part 2
Command Injection Problems
OWASP Proactive Controls Related to Injections
Module 3 Introduction
Overview of HTTP Protocol
Introduction to Authentication
Handling Error Messages During Authentication
Introduction to Session Management
Enforcing Access Control with Session Management
Session Management Threat: Bruteforce Session IDs
Session Management Threat: Session Fixation Vulnerabilities
Logging and Monitoring
Solution for Lab #3: WebGoat’s Session Management Vulnerability
OWASP Proactive Controls Related to Session Management and Authentication
Module 4 Introduction
Introduction to Sensitive Data Exposure Problems
Issue 1: Using PII to Compose Session IDs
Issue 2: Not Encrypting Sensitive Information
Issue 3: Improperly Storing Passwords
Slowing Down Password Bruteforce Attacks
Issue 4: Using HTTP for Sensitive Client-server
OWASP Proactive Controls Related to Sensitive Data Exposure
Course Summary