Security for the Web: Introduction - WEB SECURITY | Coursera

瀏覽
頂級課程
登錄
免費加入

Security for the Web: Introduction

Loading...

软件安全

马里兰大学帕克分校

4.6（1,237 個評分） | 58K 名學生已註冊

課程 2（共 5 門，网络安全專項課程）

This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.

查看授課大綱

您將學習的技能

Fuzz Testing, Buffer Overflow, Sql Injection, Penetration Test

審閱

4.6（1,237 個評分）

5 stars
71.70%
4 stars
21.90%
3 stars
4.60%
2 stars
0.80%
1 star
0.97%

DT

2016年5月8日

The course of this kind was extremely needed, still in it's current state it contains lots of inaccuracies in lectures and quizes. I hope they will be fixed up to the future sessions.

KN

2016年10月18日

Week 5 about program analysis and is very interesting and many concepts are new to me. This is also a very well structured course. I had a great time studying it. Thanks, Mike.

從本節課中

WEB SECURITY

Web security: Attacks and defenses

Security for the Web: Introduction3:33

Web Basics10:31

SQL Injection10:35

SQL Injection Countermeasures9:17

Web-based State Using Hidden Fields and Cookies13:51

Session Hijacking6:55

Cross-site Request Forgery - CSRF6:36

Cross-site Scripting13:39

Interview with Kevin Haley21:13

教學方

Michael Hicks
Professor

以免費的價格試聽課程

腳本

[SOUND] So far, we have focused on programs written in C and C++. We've examined how vulnerabilities in programs written in these languages can lead to attacks that violate memory safety. Resulting in code injection or lack of sensitive data. We've also looked at various defenses against these attacks, one effective defense is to use a memory safe programming language. In this unit, we turn our attention to internet security focusing on applications that are part of the World-Wide Web. While many web applications are implemented in type-safe languages, and thus avoid memory safety issues, they have their own sets of problems. These problems go by names like SQL injection, Cross-site Scripting, Cross-site Request Forgery, and Session Hijacking. Interestingly, the issue's underlying web vulnerabilities are sometimes very similar to memory vulnerabilities. For example, sequel injection, SQL injection and cross side scripting arise because like buffer overflows the applications failure to properly validate it's input results in it treating data as if it were code. Modern web, sometimes called web 2.0, brings in the additional complication of mobile code. In particular when you visit a website, code from that site will be silently downloaded to your machine, and then run. Well how do you ensure that this code does not violate the security of other programs running in your browser or on your machine the outline for this unit is as follows. First, we will look into the technical details of the basic world wide web. We will see how typical web applications are structured at the client and at the server. We'll examine HTTP, the hypertext transfer protocol which client and servers use to communicate. We'll see how improper interaction with the database on the server can enable an attack called sequel injection. Next we'll look at how web applications implement a femoral, that is short lived, non persistent state. Such state is useful during a long lived session. Typically a femoral state is implemented using hidden form fields and cookies. Unfortunately, sloppy use of these features can lead to attacks such as session hijacking and cross-site request forgery or CSRF. With these attacks, an adversary can take over a user's account or manipulate an application to act for that user. But in the adversaries interests. Finally we'll look at so called web 2.0 which characterizes the modern web. The modern web makes heavy use of mobile code, often written in the language JavaScript. JavaScript programs originate at a server but run at the client. Running code at the client creates new possibilities for attack. One of which is called Cross-site Scripting of XSS. With XSS, a user's tricked into running code he thinks is from a trusted website. But in fact it's from a malicious source. Throughout the unit, we will look at various defenses to these attacks. One common theme of all of the defenses should be familiar, validate your input. So let's begin by looking at the basics of the web 1.0.

探索我們的目錄

免費加入並獲得個性化推薦、更新和優惠。

Coursera Footer

熱門在線課程

Finding Purpose & Meaning in Life
Understanding Medical Research
Japanese for Beginners
Introduction to Cloud Computing
Foundations of Mindfulness
Fundamentals of Finance
機器學習
使用 SAS Viya 進行機器學習
幸福科學
Covid-19 Contact Tracing
適用於所有人的人工智能課程
金融市場
心理學導論
Getting Started with AWS
International Marketing
C++
Predictive Analytics & Data Mining
UCSD Learning How to Learn
Michigan Programming for Everybody
JHU R Programming
Google CBRS CPI Training

熱門在線專項課程

Natural Language Processing (NLP)
AI for Medicine
Good with Words: Writing & Editing
Infections Disease Modeling
The Pronounciation of American English
Software Testing Automation
深度學習
零基礎 Python 入門
數據科學
商務基礎
Excel 辦公技能
Data Science with Python
Finance for Everyone
Communication Skills for Engineers
Sales Training
職業品牌管理職業生涯品牌管理
Wharton Business Analytics
Penn Positive Psychology
Washington Machine Learning
CalArts Graphic Design

在線證書

專業證書
MasterTrack 證書
Google IT 支持
IBM 數據科學
Google Cloud Data Engineering
IBM Applied AI
Google Cloud Architecture
IBM Cybersecurity Analyst
Google IT Automation with Python
IBM z/OS Mainframe Practitioner
UCI Applied Project Management
Instructional Design Certificate
Construction Engineering and Management Certificate
Big Data Certificate
Machine Learning for Analytics Certificate
Innovation Management & Entrepreneurship Certificate
Sustainabaility and Development Certificate
Social Work Certificate
AI and Machine Learning Certificate
Spatial Data Analysis and Visualization Certificate

在線學位課程

Computer Science Degrees
Business Degrees
公共衛生學位
Data Science Degrees
學士學位
計算機科學學士
MS Electrical Engineering
Bachelor Completion Degree
MS Management
MS Computer Science
MPH
Accounting Master's Degree
MCIT
MBA Online
數據科學應用碩士
Global MBA
Master's of Innovation & Entrepreneurship
MCS Data Science
Master's in Computer Science
公共健康碩士

Coursera

關於
我們提供的內容
管理團隊
工作機會
目錄
證書
MasterTrack™ 證書
學位
企業版
政府版
面向校園

社區

學生
合作夥伴
開發者
Beta 測試人員
專業譯員
博客
技術博客
教學中心

更多

條款
隱私
幫助
內容訪問
媒體
聯繫我們
目錄
附屬公司

隨時隨地學習

通過 Google Play 獲取

© 2021 Coursera Inc.保留所有權利。