This course is part of the Secure Coding Practices Specialization

4.6
stars
115 ratings

Sandra Escandor-O'Keefe

7,630 already enrolled

Offered By

Secure Coding Practices SpecializationUniversity of California, Davis

About this Course

12,077 recent views

This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. 
We'll also cover application authentication and session management where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests need to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customer's data. We'll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We'll participate in coding assignment that will help you to better understand the mechanisms for effectively storing password-related information.

Along the way, we’ll discuss ways of watching out for and mitigating these issues and be able have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 2 of 4 in the

Secure Coding Practices Specialization

Flexible deadlines

Reset deadlines in accordance to your schedule.

Intermediate Level

1-2 years of experience with some form of computer programming language like C/C++ or Java.

Approx. 13 hours to complete

English

Subtitles: Arabic, French, Portuguese (European), Italian, Vietnamese, German, Russian, English, Spanish

Skills you will gain

CryptographyAuthentication Methodssecure programming

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 2 of 4 in the

Secure Coding Practices Specialization

Flexible deadlines

Reset deadlines in accordance to your schedule.

Intermediate Level

1-2 years of experience with some form of computer programming language like C/C++ or Java.

Approx. 13 hours to complete

English

Subtitles: Arabic, French, Portuguese (European), Italian, Vietnamese, German, Russian, English, Spanish

Instructor

Instructor rating

4.75/5 (24 Ratings)

Sandra Escandor-O'Keefe

Offensive Security Engineer at Fastly

Continuing and Professional Education

7,630 Learners

1 Course

Offered by

University of California, Davis

UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact.

Syllabus - What you will learn from this course

Week

Week 1

4 hours to complete

Foundational Topics in Secure Programming

In this module, you will gain exposure to the ideas of threat modeling and applied cryptography. By the end of the module, you will be able to start to create threat models, and think critically about the threat models created by other people. You will be able to apply the STRIDE Method to your threat model and distinguish the trust boundaries in a given system. You will also gain a basic understanding of applied cryptography, such as encryption and secure hashing.

4 hours to complete

14 videos (Total 83 min), 3 readings, 2 quizzes

14 videos

Course Introduction3m

Module 1 Introduction1m

Fundamental Concepts in Security8m

The STRIDE Method Via Example9m

STRIDE Threats In More Detail Via Example4m

Trust Boundaries2m

Cryptography Basics Introduction3m

Cryptography Basics: Block Ciphers9m

Cryptography Basics: Symmetric and Asymmetric Cryptography5m

Cryptography Basics: Hash Functions9m

Cryptography Basics: Application to Threat Models4m

Lab: Threat Model Activity3m

OWASP Top 10 Proactive Controls and Exploits - Part 16m

OWASP Top 10 Proactive Controls and Exploits - Part 29m

3 readings

A Note From UC Davis10m

Welcome to Peer Review Assignments!10m

Reading and Resource20m

1 practice exercise

Module 1 Quiz30m

Week

Week 2

3 hours to complete

Injection Problems

By the end of this module, you will have a fundamental understanding of injection problems in web applications. You'll be able to discuss and describe the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. In order to drive home these concepts, you will be able to work on exploiting a SQL injection vulnerability in the WebGoat application. You'll be able to formulate plans to mitigate injection problems in your applications.

3 hours to complete

17 videos (Total 87 min), 1 reading, 1 quiz

17 videos

Module 2 Introduction1m

General Concepts: Injection Problems4m

SQL Injection Problems8m

Mitigating SQL Injection Using Prepared Statements3m

Mitigating SQL Injection Using Stored Procedures3m

Mitigating SQL Injection Using Whitelisting2m

Injection Problems in Real Life5m

Solution Screencast for Lab: Exploit Using WebGoat's SQLi Example7m

Cross-Site Scripting Introduction3m

HTTP and Document Isolation8m

DOM, Dynamically Generating Pages, and Cross-Site Scripting7m

The 3-Kinds of Cross-Site Scripting Vulnerabilities6m

Comparing and Contrasting Cross-Site Scripting Vulnerabilities3m

OWASP Prescribed Cross-site Scripting Prevention Rules - Part 16m

OWASP Prescribed Cross-site Scripting Prevention Rules - Part 26m

Command Injection Problems3m

OWASP Proactive Controls Related to Injections4m

1 reading

Resources20m

1 practice exercise

Module 2 Quiz30m

Week

Week 3

4 hours to complete

Problems Arising From Broken Authentication

By the end of this module, you will be able to evaluate a system to determine if it follows the generally prescribed secure methods for authentication and session management in web applications. You'll be able to distinguish the relationship between authentication, session management, and access control. You will also be able to exploit WebGoat's authentication and session management vulnerability. As well as be able to evaluate a system to determine if it performs sufficient security logging such that non-repudiation is enforced. This will help drive the concepts that you will learn in this module.

4 hours to complete

11 videos (Total 71 min), 1 reading, 1 quiz

11 videos

Module 3 Introduction1m

Overview of HTTP Protocol7m

Introduction to Authentication10m

Handling Error Messages During Authentication4m

Introduction to Session Management7m

Enforcing Access Control with Session Management7m

Session Management Threat: Bruteforce Session IDs10m

Session Management Theat: Session Fixation Vulnerabilities3m

Logging and Monitoring3m

Solution for Lab #3: WebGoat’s Session Management Vulnerability9m

OWASP Proactive Controls Related to Session Management and Authentication6m

1 reading

Resources20m

1 practice exercise

Module 3 Quiz30m

Week

Week 4

3 hours to complete

Sensitive Data Exposure Problems

By the end of this module, you will understand how to effectively store password-related information, and NOT to store the actual plaintext passwords. You will also have a hands on coding assignment that will help you to better understand the mechanisms for effectively storing password-related information. Ready?

3 hours to complete

9 videos (Total 36 min), 1 reading, 2 quizzes

9 videos

Module 4 Introduction2m

Introduction to Sensitive Data Exposure Problems5m

Issue 1: Using PII to Compose Session IDs3m

Issue 2: Not Encrypting Sensitive Information2m

Issue 3: Improperly Storing Passwords5m

Slowing Down Password Bruteforce Attacks7m

Issue 4: Using HTTP for Sensitive Client-server4m

OWASP Proactive Controls Related to Sensitive Data Exposure3m

Course Summary1m

1 reading

Resources20m

1 practice exercise

Module 4 Quiz30m

Reviews

4.6

30 reviews

5 stars
69.82%
4 stars
24.13%
3 stars
5.17%
1 star
0.86%

TOP REVIEWS FROM IDENTIFYING SECURITY VULNERABILITIES

by DAMay 2, 2020

Instructor is very knowledgeable. Content was fantastic & modern. Quizzes weren't easy & really enforced the course content. My favorite course so far of the 4 part series.

by WKOct 26, 2020

Excellent course with a broad coverage of all the aspects involved in Application Security, clearly explained and the peer graded labs were fun to do!

by HTMay 15, 2020

The course is really great and got to learn new & interesting concepts except that the webgoat installation tutorial/document is not up to date.

by SJOct 22, 2019

Threat Modeling and Week 4 code submission was very fruitful. Overall good content to learn for developers and Application Engineers.

View all reviews

About the Secure Coding Practices Specialization

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.

Frequently Asked Questions

When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
What will I get if I subscribe to this Specialization?
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Is financial aid available?
Yes, Coursera provides financial aid to learners who cannot afford the fee. Apply for it by clicking on the Financial Aid link beneath the "Enroll" button on the left. You'll be prompted to complete an application and will be notified if you are approved. You'll need to complete this step for each course in the Specialization, including the Capstone Project. Learn more.
Will I earn university credit for completing the Course?
This Course doesn't carry university credit, but some universities may choose to accept Course Certificates for credit. Check with your institution to learn more. Online Degrees and Mastertrack™ Certificates on Coursera provide the opportunity to earn university credit.

More questions? Visit the Learner Help Center.

Identifying Security Vulnerabilities

About this Course

Skills you will gain

Instructor

Sandra Escandor-O'Keefe

Offered by

University of California, Davis

Syllabus - What you will learn from this course

Week 1

Foundational Topics in Secure Programming

Week 2

Injection Problems

Week 3

Problems Arising From Broken Authentication

Week 4

Sensitive Data Exposure Problems

Reviews

TOP REVIEWS FROM IDENTIFYING SECURITY VULNERABILITIES

About the Secure Coding Practices Specialization

Frequently Asked Questions

Top Online Courses

Top Online Specializations

Online Certificates

Online Degree Programs

Coursera

Community

More

Identifying Security Vulnerabilities

About this Course

Skills you will gain

Instructor

Sandra Escandor-O'Keefe

Offered by

University of California, Davis

Syllabus - What you will learn from this course

Week 1

Foundational Topics in Secure Programming

Week 2

Injection Problems

Week 3

Problems Arising From Broken Authentication

Week 4

Sensitive Data Exposure Problems

Reviews

TOP REVIEWS FROM IDENTIFYING SECURITY VULNERABILITIES

About the Secure Coding Practices Specialization

Frequently Asked Questions

Coursera Footer

Top Online Courses

Top Online Specializations

Online Certificates

Online Degree Programs

Coursera

Community

More