This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.
關於此 專項課程
4,361 次近期查看
您將學到的內容有
Practice improving the security and robustness of your programs.
Create threat models and apply basic cryptography.
Evaluate and remediate fragile C++ library code.
Exploit common types of injection problems and fix the root causes.
您將獲得的技能
CybersecurityJavasecure programmingC/C++
專項課程的運作方式
加入課程
Coursera 專項課程是幫助您掌握一門技能的一系列課程。若要開始學習,請直接註冊專項課程,或預覽專項課程並選擇您要首先開始學習的課程。當您訂閱專項課程的部分課程時,您將自動訂閱整個專項課程。您可以只完成一門課程,您可以隨時暫停學習或結束訂閱。訪問您的學生面板,跟踪您的課程註冊情況和進度。
實踐項目
每個專項課程都包括實踐項目。您需要成功完成這個(些)項目才能完成專項課程並獲得證書。如果專項課程中包括單獨的實踐項目課程,則需要在開始之前完成其他所有課程。
獲得證書
在結束每門課程並完成實踐項目之後,您會獲得一個證書,您可以向您的潛在雇主展示該證書並在您的職業社交網絡中分享。
此專項課程包含 4 門課程
課程1
Principles of Secure Coding
4.2
26 個評分
This course introduces you to the principles of secure programming. It begins by discussing the philosophy and principles of secure programming, and then presenting robust programming and the relationship between it and secure programming. We'll go through a detailed example of writing robust code and we'll see many common programming problems and show their connection to writing robust, secure programs in general. We’ll examine eight design principles that govern secure coding and how to apply them to your own work. We’ll discuss how poor design choices drive implementation in coding. We’ll differentiate between informal, formal, and ad hoc coding methods. Throughout, methods for improving the security and robustness of your programs will be emphasized and you will have an opportunity to practice these concepts through various lab activities. A knowledge of the C programming language is helpful, but not required to participate in the lab exercises.
課程2
Identifying Security Vulnerabilities
4.3
10 個評分
This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. We'll also cover application authentication and session management where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests need to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customer's data. We'll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We'll participate in coding assignment that will help you to better understand the mechanisms for effectively storing password-related information. Along the way, we’ll discuss ways of watching out for and mitigating these issues and be able have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.
課程3
Identifying Security Vulnerabilities in C/C++Programming
This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code. The techniques you’ll be examining will make your programs perform accurately and be resistant to attempts to perform inaccurately. This is really what the term secure programming means. You will be shown common errors that people make, and then learn how to program more robustly. You will apply tips and best practices to help you improve your programming style and help you to avoid common problems like buffer overflows, which may or may not cause security problems.
課程4
Exploiting and Securing Vulnerabilities in Java Applications
In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a users browser, break authentication to gain access to data and functionality reserved for the ‘Admins’, and even exploit vulnerable components to run our code on a remote server and access some secrets. We will also wear Defender Hats. We will dive deep in the code to fix the root cause of these issues and discuss various mitigation strategies. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws and we take aim at fixing some of these issues. Finally we fix these issues in WebGoat and build our patched binaries. Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.
講師
Matthew Bishop, PhD
ProfessorDepartment of Computer Science
Sandra Escandor-O'Keefe
Offensive Security Engineer at FastlyContinuing and Professional Education
Joubin Jabbari
Software Security Architect, Financial IndustryContinuing and Professional Education
關於 加州大学戴维斯分校
UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact.
常見問題
退款政策是如何规定的?
我可以只注册一门课程吗?
可以!点击您感兴趣的课程卡开始注册即可。注册并完成课程后,您可以获得可共享的证书,或者您也可以旁听该课程免费查看课程资料。如果您订阅的课程是某专项课程的一部分,系统会自动为您订阅完整的专项课程。访问您的学生面板,跟踪您的进度。
有助学金吗?
我可以免费学习课程吗?
此课程是 100% 在线学习吗?是否需要现场参加课程?
此课程完全在线学习,无需到教室现场上课。您可以通过网络或移动设备随时随地访问课程视频、阅读材料和作业。
完成专项课程后我会获得大学学分吗?
此专项课程不提供大学学分,但部分大学可能会选择接受专项课程证书作为学分。查看您的合作院校了解详情。
完成专项课程需要多长时间?
It is intended to be able to complete in 4-5 months, but you may want to give yourself more time to work through the many activities outlined in the various courses.
What background knowledge is necessary?
- Familiar with the Software Development Lifecycle.
- Fluent in one or more coding languages (including web front-end development languages.)
- For Java course, Fluent in Java.
- For C/C++ course, Fluent in C/C++.
Do I need to take the courses in a specific order?
We recommend you begin with Principles of Secure Coding and then move to Identifying Security Vulnerabilities. The other two courses can be taken in either order.
還有其他問題嗎?請訪問 學生幫助中心。
