When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Specialization?

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Security & Ethical Hacking: Attacking Web and AI Systems

3 days left! Save on skills that make you shine with 40% off 3 months of Coursera Plus. Save now

Security & Ethical Hacking: Attacking Web and AI Systems

This course is part of Security and Ethical Hacking Specialization

Instructor: Ahmed M. Hamza

Included with

Learn more

4 modules

Gain insight into a topic and learn the fundamentals.

Advanced level

Recommended experience

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

Build toward a degree

Learn more

4 modules

Gain insight into a topic and learn the fundamentals.

Advanced level

Recommended experience

2 weeks to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

Build toward a degree

Learn more

What you'll learn

Perform and prevent web application attacks and knowledge of defensive techniques.
Understand AI/ML platform and model attacks as an extension of web attacks.
Describe the range of attacks on artificial intelligence algorithms and systems (adversarial machine learning).

Skills you'll gain

Tools you'll learn

Open Web Application Security Project (OWASP)

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

16 assignments

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the Security and Ethical Hacking Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 4 modules in this course

In this course you will learn how the security of web-based software, including deployed AI agents, can be compromised. Real-world attacks we study are conducted against a variety of web technologies and frameworks. In addition, we will introduce the topic of Adversarial Machine Learning (exploiting algorithms and learning techniques) in the Artificial Intelligence domain, including Language Models. We will review and study modern, cutting-edge research in this area.

Course assessments are through quizzes, hands-on exercises and an exam. This course can be taken for academic credit as part of CU Boulder’s MS in Data Science or MS in Computer Science degrees offered on the Coursera platform. These fully accredited graduate degrees offer targeted courses, short 8-week sessions, and pay-as-you-go tuition. Admission is based on performance in three preliminary courses, not academic history. CU degrees on Coursera are ideal for recent graduates or working professionals. Learn more: MS in Data Science: https://www.coursera.org/degrees/master-of-science-data-science-boulder MS in Computer Science: https://coursera.org/degrees/ms-computer-science-boulder

Module details

In this module, we introduce the protocols of the World Wide Web communication, history, and examine several important attack types targeting the server directly through vulnerabilities of web applications – including logic flaws not tied to a particular software weakness.

What's included

2 videos11 readings8 assignments

2 videosTotal 58 minutes

Welcome - Course Overview11 minutes
Protocols of the World Wide Web47 minutes

11 readingsTotal 296 minutes

Course Updates and Accessibility Support1 minute
Earn Academic Credit for Your Work! 10 minutes
Course Support10 minutes
Assessment Expectations5 minutes
AI Citation and Acknowledgement10 minutes
BurpSuite Proxy and Browser30 minutes
Evolution of HTTP40 minutes
Path Traversal60 minutes
File upload exploits60 minutes
OS Command Injection Overview10 minutes
Business Logic Assumptions and Bypasses60 minutes

8 assignmentsTotal 235 minutes

Practice Lab: Path Traversal with URL-encoded Null Terminator Bypass30 minutes
Practice Lab: File Upload with Content-type Restriction Bypass30 minutes
Practice Lab: Command Injection with Output Redirection30 minutes
Practice Lab: User Validation and Trust30 minutes
Practice Lab: Weak Isolation, Authentication Bypass30 minutes
Practice Lab: Information Disclosure60 minutes
AI Policy Quiz5 minutes
Module 1: Server Side Attacks Quiz20 minutes

In this module, we study exploit categories incorporating the client/browser (and assumed privileges of the client) in web attacks, including defenses and potential bypasses.

What's included

1 video8 readings4 assignments

1 videoTotal 9 minutes

Overview of Client-Side Web Exploits9 minutes

8 readingsTotal 360 minutes

Javascript Introduction60 minutes
Evasion: Understanding String Encoding on the Web20 minutes
Cross Site Scripting 60 minutes
Mitigating Cross Site Scripting30 minutes
XSS History - The Myspace Worm60 minutes
CSRF and Defenses60 minutes
What is Clickjacking?30 minutes
Misconfigurations in Cross Origin Resource Sharing40 minutes

4 assignmentsTotal 100 minutes

Practice Lab: Basic XSS Attack30 minutes
Practice Lab: Stored XSS with Defense Bypass by Quote Encoding30 minutes
Practice Lab: Bypassing CSRF Token by Request Type30 minutes
Module 2: Client-Side Web Exploitation Quiz10 minutes

Function-calling language models (AI agents) present unique risks. We practice attacks on live, deployed models that have excessive agency in their server environments, presenting modern, high-level exploitation primitive in web-deployed language agents.

What's included

1 video2 readings3 assignments

This module is an introduction and deep dive into more fundamental, algorithmic types of exploitation against AI systems, namely through study (and careful manipulation) of the machine learning models that power them.

What's included

1 video4 readings1 assignment

1 videoTotal 12 minutes

Overview of Attacks on ML Systems12 minutes

4 readingsTotal 140 minutes

OWASP Top Ten ML20 minutes
Paper: Security and Privacy in Machine Learning10 minutes
Paper: Poisoning, Backdooring Contrastive Learning50 minutes
Paper: Extracting Training Data From Diffusion Models60 minutes

1 assignmentTotal 10 minutes

Module 4: Advanced Topics - Adversarial AI Quiz10 minutes

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.

Build toward a degree

This course is part of the following degree program(s) offered by University of Colorado Boulder. If you are admitted and enroll, your completed coursework may count toward your degree learning and your progress can transfer with you.¹