This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.
提供方
Secure Coding Practices 專項課程加州大学戴维斯分校課程信息
6,280 次近期查看
可靈活調整截止日期
根據您的日程表重置截止日期。
可分享的證書
完成後獲得證書
100% 在線
立即開始,按照自己的計劃學習。
第 3 門課程(共 4 門)
中級
完成時間大約為23 小時
英語(English)
字幕:法語(French), (歐洲人講的)葡萄牙語, 俄語(Russian), 英語(English), 西班牙語(Spanish)
您將學到的內容有
Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.
您將獲得的技能
- Identifying vulernabilities
- C/C++ Programming
可靈活調整截止日期
根據您的日程表重置截止日期。
可分享的證書
完成後獲得證書
100% 在線
立即開始,按照自己的計劃學習。
第 3 門課程(共 4 門)
中級
完成時間大約為23 小時
英語(English)
字幕:法語(French), (歐洲人講的)葡萄牙語, 俄語(Russian), 英語(English), 西班牙語(Spanish)
提供方
加州大学戴维斯分校
UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact.
授課大綱 - 您將從這門課程中學到什麼
完成時間為 7 小時
Users, Privileges, and Environment Variables
In this module, you will be able to manage users and privileges when you run programs or sub-programs. You will be able to identify and use the different types of privileges on a Linux (and UNIX-like) system. You'll be able to identify how program shells preserve environment settings. You will be able to examine how your shell (or other program that uses the PATH variable) deals with multiple versions of that variable.
完成時間為 7 小時
17 個視頻 (總計 107 分鐘), 4 個閱讀材料, 2 個測驗
完成時間為 6 小時
Validation and Verification, Buffer and Numeric Overflows, and Input Injections
In this module, you will be able to breakdown how the process of checking inputs, known as validation and verification works. You will be able to avoid and buffer numeric overflows in your programs. You will be able to discover what happens when you call functions with parameters that cause overflows. And finally, you will be able to detect various input injections such as cross-site scripting and SQL injections and be able to describe the consequences of not examining input.
完成時間為 6 小時
17 個視頻 (總計 162 分鐘), 2 個閱讀材料, 2 個測驗
完成時間為 3 小時
Files, Subprocesses, and Race Conditions
In this module, you will be able to describe how files and subprocesses interact and be able to create subprocesses and shell scripts. You will also be able to identify and prevent race conditions in your programs and practice cleaning out environments to make them safe for untrusted subprocesses.
完成時間為 3 小時
13 個視頻 (總計 80 分鐘), 1 個閱讀材料, 2 個測驗
完成時間為 7 小時
Randomness, Cryptography, and Other Topics
In this module you will be able to distinguish between pseudo-randomness and actual randomness. You will be able to apply randomness in the coding environment and generate random numbers and look at their distribution. You'll be able to identify and describe how and why cryptography is used, as well as why you should use trusted cryptography code libraries instead of crafting your own solution. You will be able to analyze and consider best practices for handling sensitive information, passwords, crypto keys, how to handle errors in security sensitive programs, and how to defend against string attacks. You will be able to hash a password and then try to guess another one. You will be able to practice cleaning out environments to make them safe for untrusted subprocesses, as well as practice handling integer overflow.
完成時間為 7 小時
19 個視頻 (總計 97 分鐘), 4 個閱讀材料, 2 個測驗
審閱
來自IDENTIFYING SECURITY VULNERABILITIES IN C/C++PROGRAMMING的熱門評論
由 BD 提供2020年6月12日
This was interesting: a good introduction on what we need to develop a secure program and most common sources of vulnerabilities. Thank you!
由 BB 提供2021年2月22日
I liked the course and the instructor is really nice. It could use more code. This course has very minimal code.
由 VP 提供2020年11月30日
More code and Example would be good in this code, Example code for Discussion would be good for ideal reference
由 RK 提供2020年5月12日
Practical demos could have added more fun to this course.
關於 Secure Coding Practices 專項課程
This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.
常見問題
我什么时候能够访问课程视频和作业?
我订阅此专项课程后会得到什么?
有助学金吗?
還有其他問題嗎?請訪問 學生幫助中心。
