This course is part of the Secure Coding Practices Specialization

4.7
stars
156 ratings

Sandra Escandor-O'Keefe

11,330 already enrolled

Offered By

Secure Coding Practices SpecializationUniversity of California, Davis

About this Course

20,660 recent views

This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. 
We'll also cover application authentication and session management where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests need to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customer's data. We'll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We'll participate in coding assignment that will help you to better understand the mechanisms for effectively storing password-related information.

Along the way, we’ll discuss ways of watching out for and mitigating these issues and be able have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Coursera Labs

Includes hands on learning projects.

Learn more about Coursera Labs

Course 2 of 4 in the

Secure Coding Practices Specialization

Intermediate Level

1-2 years of experience with some form of computer programming language like C/C++ or Java.

Approx. 13 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Skills you will gain

Cryptography
Authentication Methods
secure programming

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Coursera Labs

Includes hands on learning projects.

Learn more about Coursera Labs

Course 2 of 4 in the

Secure Coding Practices Specialization

Intermediate Level

1-2 years of experience with some form of computer programming language like C/C++ or Java.

Approx. 13 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Instructor

Instructor rating

4.66/5 (37 Ratings)

Sandra Escandor-O'Keefe

Offensive Security Engineer at Fastly

Continuing and Professional Education

11,330 Learners

1 Course

Offered by

University of California, Davis

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

Syllabus - What you will learn from this course

Week1

Week 1

4 hours to complete

Foundational Topics in Secure Programming

In this module, you will gain exposure to the ideas of threat modeling and applied cryptography. By the end of the module, you will be able to start to create threat models, and think critically about the threat models created by other people. You will be able to apply the STRIDE Method to your threat model and distinguish the trust boundaries in a given system. You will also gain a basic understanding of applied cryptography, such as encryption and secure hashing.

4 hours to complete

14 videos (Total 83 min), 3 readings, 2 quizzes

14 videos

Course Introduction3mModule 1 Introduction1mFundamental Concepts in Security8mThe STRIDE Method Via Example9mSTRIDE Threats In More Detail Via Example4mTrust Boundaries2mCryptography Basics Introduction3mCryptography Basics: Block Ciphers9mCryptography Basics: Symmetric and Asymmetric Cryptography5mCryptography Basics: Hash Functions9mCryptography Basics: Application to Threat Models4mLab: Threat Model Activity3mOWASP Top 10 Proactive Controls and Exploits - Part 16mOWASP Top 10 Proactive Controls and Exploits - Part 29m

3 readings

A Note From UC Davis10mWelcome to Peer Review Assignments!10mReading and Resource20m

1 practice exercise

Module 1 Quiz30m

Week2

Week 2

3 hours to complete

Injection Problems

By the end of this module, you will have a fundamental understanding of injection problems in web applications. You'll be able to discuss and describe the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. In order to drive home these concepts, you will be able to work on exploiting a SQL injection vulnerability in the WebGoat application. You'll be able to formulate plans to mitigate injection problems in your applications.

3 hours to complete

17 videos (Total 87 min), 1 reading, 1 quiz

17 videos

Module 2 Introduction1mGeneral Concepts: Injection Problems4mSQL Injection Problems8mMitigating SQL Injection Using Prepared Statements3mMitigating SQL Injection Using Stored Procedures3mMitigating SQL Injection Using Whitelisting2mInjection Problems in Real Life5mSolution Screencast for Lab: Exploit Using WebGoat's SQLi Example7mCross-Site Scripting Introduction3mHTTP and Document Isolation8mDOM, Dynamically Generating Pages, and Cross-Site Scripting7mThe 3-Kinds of Cross-Site Scripting Vulnerabilities6mComparing and Contrasting Cross-Site Scripting Vulnerabilities3mOWASP Prescribed Cross-site Scripting Prevention Rules - Part 16mOWASP Prescribed Cross-site Scripting Prevention Rules - Part 26mCommand Injection Problems3mOWASP Proactive Controls Related to Injections4m

1 reading

Resources20m

1 practice exercise

Module 2 Quiz30m

Week3

Week 3

4 hours to complete

Problems Arising From Broken Authentication

By the end of this module, you will be able to evaluate a system to determine if it follows the generally prescribed secure methods for authentication and session management in web applications. You'll be able to distinguish the relationship between authentication, session management, and access control. You will also be able to exploit WebGoat's authentication and session management vulnerability. As well as be able to evaluate a system to determine if it performs sufficient security logging such that non-repudiation is enforced. This will help drive the concepts that you will learn in this module.

4 hours to complete

11 videos (Total 71 min), 1 reading, 1 quiz

11 videos

Module 3 Introduction1mOverview of HTTP Protocol7mIntroduction to Authentication10mHandling Error Messages During Authentication4mIntroduction to Session Management7mEnforcing Access Control with Session Management7mSession Management Threat: Bruteforce Session IDs10mSession Management Theat: Session Fixation Vulnerabilities3mLogging and Monitoring3mSolution for Lab #3: WebGoat’s Session Management Vulnerability9mOWASP Proactive Controls Related to Session Management and Authentication6m

1 reading

Resources20m

1 practice exercise

Module 3 Quiz30m

Week4

Week 4

3 hours to complete

Sensitive Data Exposure Problems

3 hours to complete

9 videos (Total 36 min), 1 reading, 2 quizzes

9 videos

Module 4 Introduction2mIntroduction to Sensitive Data Exposure Problems5mIssue 1: Using PII to Compose Session IDs3mIssue 2: Not Encrypting Sensitive Information2mIssue 3: Improperly Storing Passwords5mSlowing Down Password Bruteforce Attacks7mIssue 4: Using HTTP for Sensitive Client-server4mOWASP Proactive Controls Related to Sensitive Data Exposure3mCourse Summary1m

1 reading

Resources20m

1 practice exercise

Module 4 Quiz30m

Reviews

4.7

45 reviews

5 stars
74.05%
4 stars
20.25%
3 stars
4.43%
1 star
1.26%

TOP REVIEWS FROM IDENTIFYING SECURITY VULNERABILITIES

by DJMay 20, 2020

KINDLY PROVIDE HANDS ON .THERE WAS NO HANDS ON ALL THEORY NO T MUCH USE IF STUDENTS GET ZERO PRACTICAL

by DAMay 2, 2020

Instructor is very knowledgeable. Content was fantastic & modern. Quizzes weren't easy & really enforced the course content. My favorite course so far of the 4 part series.

by JGNov 18, 2020

Very informative & exhaustive coverage. Kudos to the tutor and thank you !!

by JYSep 6, 2021

It's a good course for who is looking to learn about secure code

View all reviews

About the Secure Coding Practices Specialization

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.

Frequently Asked Questions

When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
What will I get if I subscribe to this Specialization?
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Is financial aid available?
Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

More questions? Visit the Learner Help Center.

Build employee skills, drive business results

Discover Coursera for Business

Identifying Security Vulnerabilities

About this Course

Skills you will gain