课程信息
3.8
28 个评分
8 个审阅
专项课程

第 3 门课程(共 4 门),位于

100% 在线

100% 在线

立即开始,按照自己的计划学习。
可灵活调整截止日期

可灵活调整截止日期

根据您的日程表重置截止日期。
中级

中级

完成时间(小时)

完成时间大约为13 小时

建议:4 hours/week...
可选语言

英语(English)

字幕:英语(English)...
专项课程

第 3 门课程(共 4 门),位于

100% 在线

100% 在线

立即开始,按照自己的计划学习。
可灵活调整截止日期

可灵活调整截止日期

根据您的日程表重置截止日期。
中级

中级

完成时间(小时)

完成时间大约为13 小时

建议:4 hours/week...
可选语言

英语(English)

字幕:英语(English)...

教学大纲 - 您将从这门课程中学到什么

1
完成时间(小时)
完成时间为 4 小时

Injection Web App Attacks and Their Defenses

In this module we will learn how to hack web app with command injection vulnerability with only four characters malicious string. We will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query. We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn how to apply security design pattern to defend injection attacks and enhance web security. ...
Reading
4 个视频(共 34 分钟), 2 个阅读材料, 2 个测验
Video4 个视频
Command Injection11分钟
Review Code to Detect Pattern to Defend Command Injection12分钟
Apply Security Design Pattern to Defend Command Injection Attack6分钟
Reading2 个阅读材料
OWASP Command Injection30分钟
Detecting Command Injection30分钟
Quiz1 个练习
Exam 3.1. Assessing Injection Web App Attacks and Their Defenses30分钟
2
完成时间(小时)
完成时间为 6 小时

Hack SQL Databases and Patch Web Apps with SQL Injection Vulnerabilities

In this module we will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query.We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn the eight-step hacker methodology for exploit systems. For the escalating privilege techniques, we show how to leverage command injection vulnerability to search file systems and deposit/hide Trojans for future exploit. ...
Reading
6 个视频(共 54 分钟), 5 个阅读材料, 2 个测验
Video6 个视频
Patching Web App with SQL Injection Vulnerability5分钟
Hacking Methodology9分钟
Demystify New OS/PL Will Not Have Injection Vulnerabilities8分钟
Escalate Privileges via Deploying Trojan10分钟
Escalate Privileges by Bringing in Sophisticated Trojan8分钟
Reading5 个阅读材料
SQL Injection30分钟
SQL Injection Prevention Cheat Sheet30分钟
Red Teaming: The Art of Ethical Hacking30分钟
Understanding Privilege Escalation30分钟
National Vulnerability Database Entry30分钟
Quiz1 个练习
Exam 3.2. Assessing SQL Injection and Hacking Methodology30分钟
3
完成时间(小时)
完成时间为 2 小时

Memory Attacks and Defenses

In this module, we learn about the typical protection mechanism provided by the modern OS to prevent process from accessing other pages data belong different process. We will also learn buffer overflow attacks and their common defenses....
Reading
4 个视频(共 51 分钟), 2 个阅读材料, 1 个测验
Video4 个视频
Variables Allocation in Virtual Memory Layout5分钟
Buffer Overflow14分钟
Buffer Overflow Defense15分钟
Reading2 个阅读材料
OWASP Memory Leaks30分钟
OWASP Buffer Overflow Attacks30分钟
Quiz1 个练习
Exam 3.3. Assessing Buffer Overflow Attacks and Defenses30分钟
4
完成时间(小时)
完成时间为 4 小时

Penetration Testing

In this module we will learn how to perform Vulnerability Scanning with Nessus tool, learn to perform penetration testing using tools included in Kali Linux distribution and to use Metasploit Framework to take control a vulnerable machine, deploy keylogger, run remote shell and remote VNC injection. We will also learn how to clone an AWS P2.xlarge GPU instance from a Ubuntu image with hashcat software to crack passwords....
Reading
6 个视频(共 37 分钟), 3 个阅读材料, 2 个测验
Video6 个视频
Vulnerability and WannaCry Ransomware7分钟
Penetration Testing with Kali Linux6分钟
Metasploit Framework10分钟
Keylogging3分钟
Remote VNC Server Injection1分钟
Reading3 个阅读材料
Nessus Training30分钟
Kali Linux & Documentation30分钟
Metasploit Resources30分钟
Quiz1 个练习
Exam 3.4. Assessing the Scanning and Penetration Testing Skills22分钟

讲师

Avatar

Edward Chow

Professor
Computer Science

关于 University of Colorado System

The University of Colorado is a recognized leader in higher education on the national and global stage. We collaborate to meet the diverse needs of our students and communities. We promote innovation, encourage discovery and support the extension of knowledge in ways unique to the state of Colorado and beyond....

关于 Fundamentals of Computer Network Security 专项课程

This specialization in intended for IT professionals, computer programmers, managers, IT security professionals who like to move up ladder, who are seeking to develop network system security skills. Through four courses, we will cover the Design and Analyze Secure Networked Systems, Develop Secure Programs with Basic Cryptography and Crypto API, Hacking and Patching Web Applications, Perform Penetration Testing, and Secure Networked Systems with Firewall and IDS, which will prepare you to perform tasks as Cyber Security Engineer, IT Security Analyst, and Cyber Security Analyst. The learning outcomes of this specialization include: you should be able to create public/private keys, certificate requests, install/sign/verify them for web server and client authentication, secure emails, and code signing. you should be able to write secure web apps with Crypto API to implement the confidentiality, integrity, and availability basic security services. you should be able to hack web applications with vulnerabilities and patch them. you should be able to apply penetration testing tool to exploit vulnerable systems. you should be able to crack passwords given the hashes in password file using AWS P2 GPU. you should be able to configure firewall and IDS for secure network systems you should be able to specify effective security policies and implement efficient enforcement procedures by applying security design principles for securing network systems....
Fundamentals of Computer Network Security

常见问题

  • 注册以便获得证书后,您将有权访问所有视频、测验和编程作业(如果适用)。只有在您的班次开课之后,才可以提交和审阅同学互评作业。如果您选择在不购买的情况下浏览课程,可能无法访问某些作业。

  • 您注册课程后,将有权访问专项课程中的所有课程,并且会在完成课程后获得证书。您的电子课程证书将添加到您的成就页中,您可以通过该页打印您的课程证书或将其添加到您的领英档案中。如果您只想阅读和查看课程内容,可以免费旁听课程。

还有其他问题吗?请访问 学生帮助中心