In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a users browser, break authentication to gain access to data and functionality reserved for the ‘Admins’, and even exploit vulnerable components to run our code on a remote server and access some secrets. We will also wear Defender Hats. We will dive deep in the code to fix the root cause of these issues and discuss various mitigation strategies. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws and we take aim at fixing some of these issues. Finally we fix these issues in WebGoat and build our patched binaries. Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.
提供方
Secure Coding Practices 专项课程加州大学戴维斯分校课程信息
您将学到的内容有
Practice protecting against various kinds of cross-site scripting (XSS) attacks.
Form plans to mitigate injection vulnerabilities in your web application.
Create strategies and controls to provide secure authentication.
Examine code to find and patch vulnerable components.
您将获得的技能
提供方
加州大学戴维斯分校
UC Davis, one of the nation’s top-ranked research universities, is a global leader in agriculture, veterinary medicine, sustainability, environmental and biological sciences, and technology. With four colleges and six professional schools, UC Davis and its students and alumni are known for their academic excellence, meaningful public service and profound international impact.
教学大纲 - 您将从这门课程中学到什么
Setup and Introduction to Cross Site Scripting Attacks
In this module, you will be able to use Git and GitHub to pull needed source code. You will be able to run WebGoat in a Docker container and explain reasons for doing so. You'll be able to describe cross-site scripting attacks and explain how these attacks happen and how to guard against them. You'll be able to differentiate between a DOM-based, Reflected, and Stored cross-site scripting attacks. You will be able to practice protecting against various kinds of cross-site scripting attacks.
Injection Attacks
In this module, you will be able to exploit a SQL injection vulnerability and form plans to mitigate injection vulnerabilities in your web application. You will be able to discuss various approaches to finding and fixing XML, Entity and SQL attack vulnerabilities. You'll be able to describe and protect against a "man-in-the-middle" attack and describe the the thought process to find SQL injection vulnerabilities by "putting on the attacker's hat". You will be able to demonstrate how to properly modify queries to get them into prepared statements and analyze code while using an XML viewer and text editor to find vulnerabilities. You'll also be able to navigate a large code base to find critical segments of code and patch vulnerabilities.
Authentication and Authorization
In this module, you will be able to evaluate authentication flaws of various kinds to identify potential problems and create strategies and controls to provide secure authentication. You'll be able to create and/or implement controls to mitigate authentication bypass and draw lessons from notable instances where others failed to authenticate users. You will be able to properly implement authentication methods like JSON Web Tokens (JWT). You will be able to find vulnerabilities in a large code base and provide a solution for demonstrating and exploiting JSON Web Tokens (JWT).
Dangers of Vulnerable Components and Final Project
In this module, you will be able to use the OWASP Dependency Checker while analyzing code and verify that you have vulnerable components in the code. You will be able to examine code to find and patch vulnerable components. You will be able to apply what you learned from previous module activities to finalize your final project.
审阅
来自EXPLOITING AND SECURING VULNERABILITIES IN JAVA APPLICATIONS的热门评论
course is good but it seems like, i am learner of this course..There is no one who can review my asginments -_-'
Excellent and really helpful material... By far the best and most interesting course in the series!
Great course, got lot to earn about vulnerabilities and their mitigation strategies
Very Good course material. dicover it, try it, fix it method.
关于 Secure Coding Practices 专项课程
常见问题
我什么时候能够访问课程视频和作业?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
- The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
- The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
我订阅此专项课程后会得到什么?
您注册课程后,将有权访问专项课程中的所有课程,并且会在完成课程后获得证书。您的电子课程证书将添加到您的成就页中,您可以通过该页打印您的课程证书或将其添加到您的领英档案中。如果您只想阅读和查看课程内容,可以免费旁听课程。
退款政策是如何规定的?
如果订阅,您可以获得 7 天免费试听,在此期间,您可以取消课程,无需支付任何罚金。在此之后,我们不会退款,但您可以随时取消订阅。请阅读我们完整的退款政策。
有助学金吗?
是的,Coursera 可以为无法承担费用的学生提供助学金。通过点击左侧“注册”按钮下的“助学金”链接可以申请助学金。您可以根据屏幕提示完成申请,申请获批后会收到通知。您需要针对专项课程中的每一门课程完成上述步骤,包括毕业项目。了解更多。
完成课程后,我会获得大学学分吗?
此课程不提供大学学分,但部分大学可能会选择接受课程证书作为学分。查看您的合作院校,了解详情。Coursera 上的在线学位和 Mastertrack™ 证书提供获得大学学分的机会。
还有其他问题吗?请访问 学生帮助中心。
