This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.
제공자:
이 전문 분야 정보
최근 조회 13,296회
배울 내용
Practice improving the security and robustness of your programs.
Create threat models and apply basic cryptography.
Evaluate and remediate fragile C++ library code.
Exploit common types of injection problems and fix the root causes.
귀하가 습득할 기술
CybersecurityJavasecure programmingC/C++
전문분야 이용 방법
강좌 수강
Coursera 전문 분야는 기술을 완벽하게 습득하는 데 도움이 되는 일련의 강좌입니다. 시작하려면 전문 분야에 직접 등록하거나 강좌를 둘러보고 원하는 강좌를 선택하세요. 하나의 전문 분야에 속하는 강좌에 등록하면 해당 전문 분야 전체에 자동으로 등록됩니다. 단 하나의 강좌만 수료해도 됩니다. — 학습을 일시 중지하거나 언제든 구독을 종료할 수 있습니다. 학습자 대시보드를 방문하여 강좌 등록 상태와 진도를 추적해 보세요.
실습 프로젝트
모든 전문 분야에는 실습 프로젝트가 포함되어 있습니다. 전문 분야를 완료하고 수료증을 받으려면 프로젝트를 성공적으로 마쳐야 합니다. 전문 분야에 별도의 실습 프로젝트 강좌가 포함되어 있는 경우 각 강좌를 완료해야 프로젝트를 시작할 수 있습니다.
수료증 취득
모든 강좌를 마치고 실습 프로젝트를 완료하면 취업할 때나 전문가 네트워크에 진입할 때 제시할 수 있는 수료증을 취득할 수 있습니다.
이 전문 분야에는 4개의 강좌가 있습니다.
강좌1
Principles of Secure Coding
This course introduces you to the principles of secure programming. It begins by discussing the philosophy and principles of secure programming, and then presenting robust programming and the relationship between it and secure programming. We'll go through a detailed example of writing robust code and we'll see many common programming problems and show their connection to writing robust, secure programs in general. We’ll examine eight design principles that govern secure coding and how to apply them to your own work. We’ll discuss how poor design choices drive implementation in coding. We’ll differentiate between informal, formal, and ad hoc coding methods. Throughout, methods for improving the security and robustness of your programs will be emphasized and you will have an opportunity to practice these concepts through various lab activities. A knowledge of the C programming language is helpful, but not required to participate in the lab exercises.
강좌2
Identifying Security Vulnerabilities
This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. We'll also cover application authentication and session management where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests need to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customer's data. We'll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We'll participate in coding assignment that will help you to better understand the mechanisms for effectively storing password-related information. Along the way, we’ll discuss ways of watching out for and mitigating these issues and be able have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.
강좌3
Identifying Security Vulnerabilities in C/C++Programming
This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code. The techniques you’ll be examining will make your programs perform accurately and be resistant to attempts to perform inaccurately. This is really what the term secure programming means. You will be shown common errors that people make, and then learn how to program more robustly. You will apply tips and best practices to help you improve your programming style and help you to avoid common problems like buffer overflows, which may or may not cause security problems.
강좌4
Exploiting and Securing Vulnerabilities in Java Applications
In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a users browser, break authentication to gain access to data and functionality reserved for the ‘Admins’, and even exploit vulnerable components to run our code on a remote server and access some secrets. We will also wear Defender Hats. We will dive deep in the code to fix the root cause of these issues and discuss various mitigation strategies. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws and we take aim at fixing some of these issues. Finally we fix these issues in WebGoat and build our patched binaries. Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.
강사
Matthew Bishop, PhD
ProfessorDepartment of Computer Science
Sandra Escandor-O'Keefe
Offensive Security Engineer at FastlyContinuing and Professional Education
Joubin Jabbari
Software Security Architect, Financial IndustryContinuing and Professional Education
캘리포니아 대학교 데이비스 캠퍼스 정보
UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact.
자주 묻는 질문
환불 규정은 어떻게 되나요?
하나의 강좌에만 등록할 수 있나요?
네! 시작하려면 관심 있는 강좌 카드를 클릭하여 등록합니다. 강좌를 등록하고 완료하면 공유할 수 있는 인증서를 얻거나 강좌를 청강하여 강좌 자료를 무료로 볼 수 있습니다. 전문 분야 과정에 있는 강좌에 등록하면, 전체 전문 분야에 등록하게 됩니다. 학습자 대시보드에서 진행 사항을 추적할 수 있습니다.
재정 지원을 받을 수 있나요?
해당 강좌를 무료로 수강할 수 있나요?
이 강좌는 100% 온라인으로 진행되나요? 직접 참석해야 하는 수업이 있나요?
이 강좌는 100% 온라인으로 진행되므로 강의실에 직접 참석할 필요가 없습니다. 웹 또는 모바일 장치를 통해 언제 어디서든 강의, 읽기 자료, 과제에 접근할 수 있습니다.
전문 분야를 완료하면 대학 학점을 받을 수 있나요?
이 전문 분야는 대학 학점을 제공하지 않지만, 일부 대학에서 선택적으로 전문 분야 인증서를 학점으로 인정할 수도 있습니다. 자세한 내용은 해당 기관에 문의하세요.
전문 분야를 완료하는 데 얼마나 걸리나요?
It is intended to be able to complete in 4-5 months, but you may want to give yourself more time to work through the many activities outlined in the various courses.
What background knowledge is necessary?
- Familiar with the Software Development Lifecycle.
- Fluent in one or more coding languages (including web front-end development languages.)
- For Java course, Fluent in Java.
- For C/C++ course, Fluent in C/C++.
Do I need to take the courses in a specific order?
We recommend you begin with Principles of Secure Coding and then move to Identifying Security Vulnerabilities. The other two courses can be taken in either order.
궁금한 점이 더 있으신가요? 학습자 도움말 센터를 방문해 보세요.
Coursera는 세계 최고의 교육에 대한 보편적인 접근 기회를 제공하며,
최고의 대학 및 기관들과 제휴하여 온라인 강좌를 제공합니다.
© 2019 Coursera Inc. All rights reserved.
