When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Specialization?

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Hacking and Patching

4 days left! Save on skills that make you shine with 40% off 3 months of Coursera Plus. Save now

Hacking and Patching

This course is part of Fundamentals of Computer Network Security Specialization

Instructor: Edward Chow

64,769 already enrolled

Included with

Learn more

4 modules

Gain insight into a topic and learn the fundamentals.

279 reviews

Intermediate level

Some related experience required

Flexible schedule

2 weeks at 10 hours a week

Learn at your own pace

85%

Most learners liked this course

4 modules

Gain insight into a topic and learn the fundamentals.

279 reviews

Intermediate level

Some related experience required

Flexible schedule

2 weeks at 10 hours a week

Learn at your own pace

85%

Most learners liked this course

Skills you'll gain

Tools you'll learn

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

4 assignments

Taught in English

91% of learners achieved a positive career outcome

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the Fundamentals of Computer Network Security Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 4 modules in this course

In this MOOC, you will learn how to hack web apps with command injection vulnerabilities in a web site of your AWS Linux instance. You will learn how to search valuable information on a typical Linux systems with LAMP services, and deposit and hide Trojans for future exploitation. You will learn how to patch these web apps with input validation using regular expression. You will learn a security design pattern to avoid introducing injection vulnerabilities by input validation and replacing generic system calls with specific function calls. You will learn how to hack web apps with SQL injection vulnerabilities and retrieve user profile information and passwords. You will learn how to patch them with input validation and SQL parameter binding. You will learn the hacking methodology, Nessus tool for scanning vulnerabilities, Kali Linux for penetration testing, and Metasploit Framework for gaining access to vulnerable Windows Systems, deploying keylogger, and perform Remote VNC server injection. You will learn security in memory systems and virtual memory layout, and understand buffer overflow attacks and their defenses. You will learn how to clone a Kali instance with AWS P2 GPU support and perform hashcat password cracking using dictionary attacks and known pattern mask attacks.

Module details

In this module we will learn how to hack web app with command injection vulnerability with only four characters malicious string. We will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query. We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn how to apply security design pattern to defend injection attacks and enhance web security.

What's included

4 videos3 readings1 assignment1 peer review1 discussion prompt

4 videosTotal 34 minutes

Course Overview3 minutes
Command Injection11 minutes
Review Code to Detect Pattern to Defend Command Injection12 minutes
Apply Security Design Pattern to Defend Command Injection Attack7 minutes

3 readingsTotal 65 minutes

Get help and meet other learners. Join your Community!5 minutes
OWASP Command Injection30 minutes
Detecting Command Injection30 minutes

1 assignmentTotal 30 minutes

Exam 3.1. Assessing Injection Web App Attacks and Their Defenses30 minutes

1 peer reviewTotal 60 minutes

Project 3a Hacking Web Apps with Command Injections and Patching them60 minutes

1 discussion promptTotal 15 minutes

Good Cybersecurity Design Patterns. What are out there?15 minutes

In this module we will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query.We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn the eight-step hacker methodology for exploit systems. For the escalating privilege techniques, we show how to leverage command injection vulnerability to search file systems and deposit/hide Trojans for future exploit.

What's included

6 videos5 readings1 assignment1 peer review

6 videosTotal 54 minutes

SQL Injection Attacks11 minutes
Patching Web App with SQL Injection Vulnerability5 minutes
Hacking Methodology10 minutes
Demystify New OS/PL Will Not Have Injection Vulnerabilities8 minutes
Escalate Privileges via Deploying Trojan11 minutes
Escalate Privileges by Bringing in Sophisticated Trojan9 minutes

5 readingsTotal 150 minutes

SQL Injection30 minutes
SQL Injection Prevention Cheat Sheet30 minutes
Red Teaming: The Art of Ethical Hacking30 minutes
Understanding Privilege Escalation30 minutes
National Vulnerability Database Entry30 minutes

1 assignmentTotal 30 minutes

Exam 3.2. Assessing SQL Injection and Hacking Methodology30 minutes

1 peer reviewTotal 60 minutes

Project 3b. SQL Injection Attacks and Defenses60 minutes

In this module, we learn about the typical protection mechanism provided by the modern OS to prevent process from accessing other pages data belong different process. We will also learn buffer overflow attacks and their common defenses.

What's included

4 videos2 readings1 assignment

4 videosTotal 51 minutes

Security in Memory Systems and Virtual Memory Layout15 minutes
Variables Allocation in Virtual Memory Layout6 minutes
Buffer Overflow14 minutes
Buffer Overflow Defense16 minutes

2 readingsTotal 60 minutes

OWASP Memory Leaks30 minutes
OWASP Buffer Overflow Attacks30 minutes

1 assignmentTotal 30 minutes

Exam 3.3. Assessing Buffer Overflow Attacks and Defenses30 minutes

In this module we will learn how to perform Vulnerability Scanning with Nessus tool, learn to perform penetration testing using tools included in Kali Linux distribution and to use Metasploit Framework to take control a vulnerable machine, deploy keylogger, run remote shell and remote VNC injection. We will also learn how to clone an AWS P2.xlarge GPU instance from a Ubuntu image with hashcat software to crack passwords.