Security for the Web: Introduction - WEB SECURITY | Coursera

瀏覽 Coursera 的全部課程

瀏覽
頂級課程
登錄
免費加入

Security for the Web: Introduction

Loading...

软件安全

马里兰大学帕克分校

4.6（1,084 個評分） | 45K 名學生已註冊

課程 1（共 5 門，网络安全專項課程）

This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.

查看授課大綱

您將學習的技能

Fuzz Testing, Buffer Overflow, Sql Injection, Penetration Test

審閱

4.6（1,084 個評分）

5 stars
71%
4 stars
22%
3 stars
4%
2 stars
1%
1 star
1%

DT

May 09, 2016

The course of this kind was extremely needed, still in it's current state it contains lots of inaccuracies in lectures and quizes. I hope they will be fixed up to the future sessions.

KN

Oct 19, 2016

Week 5 about program analysis and is very interesting and many concepts are new to me. This is also a very well structured course. I had a great time studying it. Thanks, Mike.

從本節課中

WEB SECURITY

Web security: Attacks and defenses

Security for the Web: Introduction3:33

Web Basics10:31

SQL Injection10:35

SQL Injection Countermeasures9:17

Web-based State Using Hidden Fields and Cookies13:51

Session Hijacking6:55

Cross-site Request Forgery - CSRF6:36

Cross-site Scripting13:39

Interview with Kevin Haley21:13

教學方

Michael Hicks
Professor

以免費的價格試聽課程

腳本

[SOUND] So far, we have focused on programs written in C and C++. We've examined how vulnerabilities in programs written in these languages can lead to attacks that violate memory safety. Resulting in code injection or lack of sensitive data. We've also looked at various defenses against these attacks, one effective defense is to use a memory safe programming language. In this unit, we turn our attention to internet security focusing on applications that are part of the World-Wide Web. While many web applications are implemented in type-safe languages, and thus avoid memory safety issues, they have their own sets of problems. These problems go by names like SQL injection, Cross-site Scripting, Cross-site Request Forgery, and Session Hijacking. Interestingly, the issue's underlying web vulnerabilities are sometimes very similar to memory vulnerabilities. For example, sequel injection, SQL injection and cross side scripting arise because like buffer overflows the applications failure to properly validate it's input results in it treating data as if it were code. Modern web, sometimes called web 2.0, brings in the additional complication of mobile code. In particular when you visit a website, code from that site will be silently downloaded to your machine, and then run. Well how do you ensure that this code does not violate the security of other programs running in your browser or on your machine the outline for this unit is as follows. First, we will look into the technical details of the basic world wide web. We will see how typical web applications are structured at the client and at the server. We'll examine HTTP, the hypertext transfer protocol which client and servers use to communicate. We'll see how improper interaction with the database on the server can enable an attack called sequel injection. Next we'll look at how web applications implement a femoral, that is short lived, non persistent state. Such state is useful during a long lived session. Typically a femoral state is implemented using hidden form fields and cookies. Unfortunately, sloppy use of these features can lead to attacks such as session hijacking and cross-site request forgery or CSRF. With these attacks, an adversary can take over a user's account or manipulate an application to act for that user. But in the adversaries interests. Finally we'll look at so called web 2.0 which characterizes the modern web. The modern web makes heavy use of mobile code, often written in the language JavaScript. JavaScript programs originate at a server but run at the client. Running code at the client creates new possibilities for attack. One of which is called Cross-site Scripting of XSS. With XSS, a user's tricked into running code he thinks is from a trusted website. But in fact it's from a malicious source. Throughout the unit, we will look at various defenses to these attacks. One common theme of all of the defenses should be familiar, validate your input. So let's begin by looking at the basics of the web 1.0.

探索我們的目錄

免費加入並獲得個性化推薦、更新和優惠。

熱門在線課程

適用於所有人的人工智能課程
TensorFlow 簡介
神經網絡與深度學習
算法第 1 部分
算法第 2 部分
機器學習
使用 Python 進行機器學習
使用 SAS Viya 進行機器學習
R 語言程序設計（中文版）
Matlab 編程入門
使用 Python 進行數據分析
AWS 基礎知識：走向雲原生
Google 雲端平台基礎知識
網站可靠性工程
英語專業說
幸福科學
選修“如何學習”這門課
金融市場
公共健康領域的假設檢驗
日常領導基礎知識

熱門在線專項課程

深度學習
零基礎 Python 入門
數據科學
借助 Python 應用數據科學
商務基礎
Architecting with Google Cloud Platform
Google 雲端平台數據工程
Excel 到 MySQL
高級機器學習
數學在機器學習領域的應用
自動駕駛汽車
企業區塊鏈革命
商業分析
Excel 辦公技能
數字化營銷
使用 R 進行公共健康領域的統計分析
免疫學基礎知識
解剖學
管理創新和設計思維
積極心理學基礎知識

在線證書

Google IT 支持
IBM 客戶關係專員
IBM 數據科學
應用項目管理
IBM Applied AI 專業證書
用於分析的機器學習
空間數據分析和可視化
建築工程與管理
教學設計

在線學位課程

數據科學碩士
計算機科學學士學位
計算機科學與工程學位
機器學習碩士
MBA 和商學學位
電氣工程碩士
公共健康碩士
信息技術碩士

Coursera

About
Leadership
Careers
Catalog
Certificates
MasterTrack™ Certificates
Degrees
For Enterprise
For Government
For Campus
Coronavirus Response

社區

Learners
Partners
Developers
Beta Testers
Translators
Blog
Tech Blog

更多

Terms
Privacy
Help
Accessibility
Press
Contact
Directory
Affiliates

通過 Google Play 獲取

© 2020 Coursera Inc.保留所有權利。