Hacking and Patching

Hacking and Patching

This course is part of Fundamentals of Computer Network Security Specialization

Instructor: Edward Chow

62,899 already enrolled

Included with Coursera Plus

Learn more

4 modules

Gain insight into a topic and learn the fundamentals.

4.0

(275 reviews)

Intermediate level

Some related experience required

Flexible schedule

Approx. 15 hours

Learn at your own pace

86%

Most learners liked this course

4 modules

Gain insight into a topic and learn the fundamentals.

4.0

(275 reviews)

Intermediate level

Some related experience required

Flexible schedule

Approx. 15 hours

Learn at your own pace

86%

Most learners liked this course

Skills you'll gain

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

4 assignments

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the Fundamentals of Computer Network Security Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV

Share it on social media and in your performance review

There are 4 modules in this course

In this MOOC, you will learn how to hack web apps with command injection vulnerabilities in a web site of your AWS Linux instance. You will learn how to search valuable information on a typical Linux systems with LAMP services, and deposit and hide Trojans for future exploitation. You will learn how to patch these web apps with input validation using regular expression. You will learn a security design pattern to avoid introducing injection vulnerabilities by input validation and replacing generic system calls with specific function calls. You will learn how to hack web apps with SQL injection vulnerabilities and retrieve user profile information and passwords. You will learn how to patch them with input validation and SQL parameter binding. You will learn the hacking methodology, Nessus tool for scanning vulnerabilities, Kali Linux for penetration testing, and Metasploit Framework for gaining access to vulnerable Windows Systems, deploying keylogger, and perform Remote VNC server injection. You will learn security in memory systems and virtual memory layout, and understand buffer overflow attacks and their defenses. You will learn how to clone a Kali instance with AWS P2 GPU support and perform hashcat password cracking using dictionary attacks and known pattern mask attacks.

In this module we will learn how to hack web app with command injection vulnerability with only four characters malicious string. We will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query. We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn how to apply security design pattern to defend injection attacks and enhance web security.

What's included

4 videos3 readings1 assignment1 peer review1 discussion prompt

4 videosTotal 33 minutes

Course Overview3 minutesPreview module
Command Injection11 minutes
Review Code to Detect Pattern to Defend Command Injection12 minutes
Apply Security Design Pattern to Defend Command Injection Attack6 minutes

3 readingsTotal 65 minutes

Get help and meet other learners. Join your Community!5 minutes
OWASP Command Injection30 minutes
Detecting Command Injection30 minutes

1 assignmentTotal 30 minutes

Exam 3.1. Assessing Injection Web App Attacks and Their Defenses30 minutes

1 peer reviewTotal 60 minutes

Project 3a Hacking Web Apps with Command Injections and Patching them60 minutes

1 discussion promptTotal 15 minutes

Good Cybersecurity Design Patterns. What are out there?15 minutes

In this module we will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query.We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn the eight-step hacker methodology for exploit systems. For the escalating privilege techniques, we show how to leverage command injection vulnerability to search file systems and deposit/hide Trojans for future exploit.

What's included

6 videos5 readings1 assignment1 peer review

6 videosTotal 53 minutes

SQL Injection Attacks10 minutesPreview module
Patching Web App with SQL Injection Vulnerability5 minutes
Hacking Methodology9 minutes
Demystify New OS/PL Will Not Have Injection Vulnerabilities8 minutes
Escalate Privileges via Deploying Trojan10 minutes
Escalate Privileges by Bringing in Sophisticated Trojan8 minutes

5 readingsTotal 150 minutes

SQL Injection30 minutes
SQL Injection Prevention Cheat Sheet30 minutes
Red Teaming: The Art of Ethical Hacking30 minutes
Understanding Privilege Escalation30 minutes
National Vulnerability Database Entry30 minutes

1 assignmentTotal 30 minutes

Exam 3.2. Assessing SQL Injection and Hacking Methodology30 minutes

1 peer reviewTotal 60 minutes

Project 3b. SQL Injection Attacks and Defenses60 minutes

In this module, we learn about the typical protection mechanism provided by the modern OS to prevent process from accessing other pages data belong different process. We will also learn buffer overflow attacks and their common defenses.

What's included

4 videos2 readings1 assignment

4 videosTotal 50 minutes

Security in Memory Systems and Virtual Memory Layout15 minutesPreview module
Variables Allocation in Virtual Memory Layout5 minutes
Buffer Overflow14 minutes
Buffer Overflow Defense15 minutes

2 readingsTotal 60 minutes

OWASP Memory Leaks30 minutes
OWASP Buffer Overflow Attacks30 minutes

1 assignmentTotal 30 minutes

Exam 3.3. Assessing Buffer Overflow Attacks and Defenses30 minutes

In this module we will learn how to perform Vulnerability Scanning with Nessus tool, learn to perform penetration testing using tools included in Kali Linux distribution and to use Metasploit Framework to take control a vulnerable machine, deploy keylogger, run remote shell and remote VNC injection. We will also learn how to clone an AWS P2.xlarge GPU instance from a Ubuntu image with hashcat software to crack passwords.

What's included

6 videos3 readings1 assignment1 peer review

6 videosTotal 37 minutes

Vulnerability Scanning with Nessus7 minutesPreview module
Vulnerability and WannaCry Ransomware7 minutes
Penetration Testing with Kali Linux6 minutes
Metasploit Framework10 minutes
Keylogging3 minutes
Remote VNC Server Injection1 minute

3 readingsTotal 90 minutes

Nessus Training30 minutes
Kali Linux & Documentation30 minutes
Metasploit Resources30 minutes

1 assignmentTotal 30 minutes

Exam 3.4. Assessing the Scanning and Penetration Testing Skills30 minutes

1 peer reviewTotal 120 minutes

Project 3c. Cracking Linux password with hashcat using AWS P2 GPU.120 minutes

Instructor

Instructor ratings

4.3 (30 ratings)

Edward Chow

University of Colorado System

8 Courses127,515 learners

Offered by

University of Colorado System

Explore more from Computer Security and Networks

Packt
An Introduction to Ethical Hacking with Kali Linux
Course
Packt
Intermediate Ethical Hacking Techniques
Course
Packt
Ethical Hacking Foundations
Course
LearnKartS
Ethical Hacking Fundamentals
Course

Why people choose Coursera for their career

Felipe M.

Learner since 2018

"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."

Jennifer J.

Learner since 2020

"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."

Larry W.

Learner since 2021

"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."

Chaitanya A.

"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Learner reviews

4.0

275 reviews

5 stars
61.09%
4 stars
13.81%
3 stars
5.09%
2 stars
3.63%
1 star
16.36%

Showing 3 of 275

Reviewed on Aug 5, 2020

For this course the first 2 course is compulsory to complete that's the issue.

Reviewed on Sep 13, 2019

This Course is very interested. I hope I will learn it for use purpose also.

Reviewed on May 24, 2020

It was Great course to have and very skillful knowledge about Basic for Hacking

View more reviews

New to Computer Security and Networks? Start here.

Open new doors with Coursera Plus

Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Learn more

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Explore degrees

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Learn more

Frequently asked questions

Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:

The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.

If you subscribed, you get a 7-day free trial during which you can cancel at no penalty. After that, we don’t give refunds, but you can cancel your subscription at any time. See our full refund policy.