This course is part of the Secure Coding Practices Specialization

4.6
stars
75 ratings

Matthew Bishop, PhD

7,623 already enrolled

Offered By

Secure Coding Practices SpecializationUniversity of California, Davis

About this Course

9,203 recent views

This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization.  This course uses the focusing technique that asks you to think about:  “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code. 
The techniques you’ll be examining will make your programs perform accurately and be resistant to attempts to perform inaccurately. This is really what the term secure programming means. You will be shown common errors that people make, and then learn how to program more robustly. You will apply tips and best practices to help you improve your programming style and help you to avoid common problems like buffer overflows, which may or may not cause security problems.

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 3 of 4 in the

Secure Coding Practices Specialization

Intermediate Level

Approx. 22 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

What you will learn

Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.

Skills you will gain

Identifying vulernabilities
C/C++ Programming

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 3 of 4 in the

Secure Coding Practices Specialization

Intermediate Level

Approx. 22 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Instructor

Instructor rating

4.72/5 (12 Ratings)

Matthew Bishop, PhD

Professor

Department of Computer Science

18,586 Learners

2 Courses

Offered by

University of California, Davis

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

Syllabus - What you will learn from this course

Week1

Week 1

7 hours to complete

Users, Privileges, and Environment Variables

In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.

7 hours to complete

17 videos (Total 107 min), 4 readings, 2 quizzes

17 videos

Course Introduction2mModule 1 Introduction2mUsers and Privileges Overview7mIdentifying Users and Changing Privileges7mSpawning Subprocesses8mIdentifying Users Incorrectly1mEstablishing Users and Setting UIDs8mEstablishing Groups and GIDs3mEstablishing Privileges for Users and Groups11mHow Root Privileges Work3mLesson 1 Summary1mEnvironment Variables Overview2mProgramming Explicitly4mAddressing Various Attacks16mDynamic Loading and Associated Attacks16mProgramming Implicitly3mThe Moral of the Story5m

4 readings

A Note From UC Davis10mWho Are You? - What is Going On?10mResetting the PATH - What is Going On?10mMultiple PATH Environment Variables - What's Going On?5m

2 practice exercises

Module 1 Practice Quiz30mModule 1 Quiz30m

Week2

Week 2

6 hours to complete

Validation and Verification, Buffer and Numeric Overflows, and Input Injections

In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.

6 hours to complete

17 videos (Total 162 min), 2 readings, 2 quizzes

17 videos

Module 2 Introduction2mValidation and Verification Overview8mMetacharacters11mThe Heartbleed Bug and Other Exploits21mInputs15mFixes6mLesson 3 Summary1mBuffer Overflows Overview2mBuffer Overflow Examples18mSelective Buffer Overflow and Utilizing Canaries17mNumeric Overflows Overview7mNumeric Overflow Examples8mLesson 4 Summary2mInput Injections Overview1mCross-Site Scripting Attacks18mSQL Injections10mLesson 5 Summary5m

2 readings

Path Names - What's Going On?10mNumeric and Buffer Overflows - What's Going On?10m

2 practice exercises

Module 2 Practice Quiz15mModule 2 Quiz30m

Week3

Week 3

3 hours to complete

Files, Subprocesses, and Race Conditions

3 hours to complete

13 videos (Total 80 min), 1 reading, 2 quizzes

13 videos

Module 3 Introduction2mFiles and Subprocesses Overview52sCreating a Child Process5mSubprocess Environment10mFiles and Subprocesses Design Tips5mLesson 6 Summary2mRace Conditions Overview8mA Classic Race Condition Example9mTime of Check to Time of Use12mProgramming Condition5mEnvironmental Condition7mRace Conditions6mLinux Locks and FreeBSD System Calls4m

1 reading

The Environmental Condition - What's Going On?10m

2 practice exercises

Module 3 Practice Quiz15mModule 3 Quiz30m

Week4

Week 4

7 hours to complete

Randomness, Cryptography, and Other Topics

In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.

7 hours to complete

19 videos (Total 97 min), 4 readings, 2 quizzes

19 videos

Module 4 Introduction2mRandomness and Cryptography Overview2mPseudorandom vs. Random6mProducing Random Numbers4mSowing Seeds12mCryptography Basics3mUsing Cryptography for Secrecy and Integrity8mSome Cryptography Examples9mLesson 8 Summary1mHandling Sensitive Information and Errors and Formatting Strings Overview1mAll About Passwords7mAdding a Pinch of Salt4mManaging Sensitive Data4mPractice a Secure Function8mError Handling Part 14mError Handling Part 26mFormat Strings5mLesson 9 Summary2mCourse Summary52s

4 readings

(Pseudo) Random Numbers - What's Going On?10mHashing and Cracking Passwords - What's Going On?10mA Safe system() Function - What's Going On?10mConverting Strings to Integers - What's Going On?10m

2 practice exercises

Module 4 Practice Quiz15mModule 4 Quiz30m

Reviews

4.6

20 reviews

5 stars
73.33%
4 stars
14.66%
3 stars
10.66%
1 star
1.33%

TOP REVIEWS FROM IDENTIFYING SECURITY VULNERABILITIES IN C/C++PROGRAMMING

by BBFeb 22, 2021

I liked the course and the instructor is really nice. It could use more code. This course has very minimal code.

by VPNov 30, 2020

More code and Example would be good in this code, Example code for Discussion would be good for ideal reference

by RKMay 12, 2020

Practical demos could have added more fun to this course.

by BDJun 12, 2020

This was interesting: a good introduction on what we need to develop a secure program and most common sources of vulnerabilities. Thank you!

View all reviews

About the Secure Coding Practices Specialization

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.

Frequently Asked Questions

When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
What will I get if I subscribe to this Specialization?
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Is financial aid available?
Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

More questions? Visit the Learner Help Center.

Build employee skills, drive business results

Discover Coursera for Business

Identifying Security Vulnerabilities in C/C++Programming

About this Course

What you will learn

Skills you will gain