This course is part of the Secure Coding Practices Specialization

4.7
stars
155 ratings

Sandra Escandor-O'Keefe

10,919 already enrolled

Offered By

Secure Coding Practices SpecializationUniversity of California, Davis

About this Course

17,219 recent views

This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. 
We'll also cover application authentication and session management where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests need to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customer's data. We'll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We'll participate in coding assignment that will help you to better understand the mechanisms for effectively storing password-related information.

Along the way, we’ll discuss ways of watching out for and mitigating these issues and be able have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 2 of 4 in the

Secure Coding Practices Specialization

Intermediate Level

1-2 years of experience with some form of computer programming language like C/C++ or Java.

Approx. 13 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Skills you will gain

Cryptography
Authentication Methods
secure programming

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 2 of 4 in the

Secure Coding Practices Specialization

Intermediate Level

1-2 years of experience with some form of computer programming language like C/C++ or Java.

Approx. 13 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Instructor

Instructor rating

4.66/5 (37 Ratings)

Sandra Escandor-O'Keefe

Offensive Security Engineer at Fastly

Continuing and Professional Education

10,919 Learners

1 Course

Offered by

University of California, Davis

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

Syllabus - What you will learn from this course

Week

Week 1

4 hours to complete

Foundational Topics in Secure Programming

In this module, you will gain exposure to the ideas of threat modeling and applied cryptography. By the end of the module, you will be able to start to create threat models, and think critically about the threat models created by other people. You will be able to apply the STRIDE Method to your threat model and distinguish the trust boundaries in a given system. You will also gain a basic understanding of applied cryptography, such as encryption and secure hashing.

4 hours to complete

14 videos (Total 83 min), 3 readings, 2 quizzes

14 videos

Course Introduction3m

Module 1 Introduction1m

Fundamental Concepts in Security8m

The STRIDE Method Via Example9m

STRIDE Threats In More Detail Via Example4m

Trust Boundaries2m

Cryptography Basics Introduction3m

Cryptography Basics: Block Ciphers9m

Cryptography Basics: Symmetric and Asymmetric Cryptography5m

Cryptography Basics: Hash Functions9m

Cryptography Basics: Application to Threat Models4m

Lab: Threat Model Activity3m

OWASP Top 10 Proactive Controls and Exploits - Part 16m

OWASP Top 10 Proactive Controls and Exploits - Part 29m

3 readings

A Note From UC Davis10m

Welcome to Peer Review Assignments!10m

Reading and Resource20m

1 practice exercise

Module 1 Quiz30m

Week

Week 2

3 hours to complete

Injection Problems

By the end of this module, you will have a fundamental understanding of injection problems in web applications. You'll be able to discuss and describe the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. In order to drive home these concepts, you will be able to work on exploiting a SQL injection vulnerability in the WebGoat application. You'll be able to formulate plans to mitigate injection problems in your applications.

3 hours to complete

17 videos (Total 87 min), 1 reading, 1 quiz

17 videos

Module 2 Introduction1m

General Concepts: Injection Problems4m

SQL Injection Problems8m

Mitigating SQL Injection Using Prepared Statements3m

Mitigating SQL Injection Using Stored Procedures3m

Mitigating SQL Injection Using Whitelisting2m

Injection Problems in Real Life5m

Solution Screencast for Lab: Exploit Using WebGoat's SQLi Example7m

Cross-Site Scripting Introduction3m

HTTP and Document Isolation8m

DOM, Dynamically Generating Pages, and Cross-Site Scripting7m

The 3-Kinds of Cross-Site Scripting Vulnerabilities6m

Comparing and Contrasting Cross-Site Scripting Vulnerabilities3m

OWASP Prescribed Cross-site Scripting Prevention Rules - Part 16m

OWASP Prescribed Cross-site Scripting Prevention Rules - Part 26m

Command Injection Problems3m

OWASP Proactive Controls Related to Injections4m

1 reading

Resources20m

1 practice exercise

Module 2 Quiz30m

Week

Week 3

4 hours to complete

Problems Arising From Broken Authentication

By the end of this module, you will be able to evaluate a system to determine if it follows the generally prescribed secure methods for authentication and session management in web applications. You'll be able to distinguish the relationship between authentication, session management, and access control. You will also be able to exploit WebGoat's authentication and session management vulnerability. As well as be able to evaluate a system to determine if it performs sufficient security logging such that non-repudiation is enforced. This will help drive the concepts that you will learn in this module.

4 hours to complete

11 videos (Total 71 min), 1 reading, 1 quiz

11 videos

Module 3 Introduction1m

Overview of HTTP Protocol7m

Introduction to Authentication10m

Handling Error Messages During Authentication4m

Introduction to Session Management7m

Enforcing Access Control with Session Management7m

Session Management Threat: Bruteforce Session IDs10m

Session Management Theat: Session Fixation Vulnerabilities3m

Logging and Monitoring3m

Solution for Lab #3: WebGoat’s Session Management Vulnerability9m

OWASP Proactive Controls Related to Session Management and Authentication6m

1 reading

Resources20m

1 practice exercise

Module 3 Quiz30m

Week

Week 4

3 hours to complete

Sensitive Data Exposure Problems

3 hours to complete

9 videos (Total 36 min), 1 reading, 2 quizzes

9 videos

Module 4 Introduction2m

Introduction to Sensitive Data Exposure Problems5m

Issue 1: Using PII to Compose Session IDs3m

Issue 2: Not Encrypting Sensitive Information2m

Issue 3: Improperly Storing Passwords5m

Slowing Down Password Bruteforce Attacks7m

Issue 4: Using HTTP for Sensitive Client-server4m

OWASP Proactive Controls Related to Sensitive Data Exposure3m

Course Summary1m

1 reading

Resources20m

1 practice exercise

Module 4 Quiz30m

Reviews

4.7

45 reviews

5 stars
73.71%
4 stars
20.51%
3 stars
4.48%
1 star
1.28%

TOP REVIEWS FROM IDENTIFYING SECURITY VULNERABILITIES

by DAMay 2, 2020

Instructor is very knowledgeable. Content was fantastic & modern. Quizzes weren't easy & really enforced the course content. My favorite course so far of the 4 part series.

by JYSep 6, 2021

It's a good course for who is looking to learn about secure code

by MMJul 24, 2020

Coursera site is very use full for learning,knowledge sharing, quality checking and improve skills

by ANMay 14, 2020

Excellent course material and equally good delivery.

View all reviews

About the Secure Coding Practices Specialization

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.

Frequently Asked Questions

When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
What will I get if I subscribe to this Specialization?
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Is financial aid available?
Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

More questions? Visit the Learner Help Center.

Build employee skills, drive business results

Discover Coursera for Business

Identifying Security Vulnerabilities

About this Course

Skills you will gain