Mutillidae - Exploiting OWASP Top 20 Controls | Coursera

浏览
顶级课程
登录
免费加入

Mutillidae

Loading...

Proactive Computer Security

科罗拉多大学系统

4.7（207 个评分） | 12K 名学生已注册

课程 4（共 4 门，Cybersecurity for Business 专项课程）

I’ve heard this before – “I’m not sure my computer security practices are working”. I reply “Have you tested them?” This course is the fourth and final course in the Practical Computer Security specialization. In this course, you’ll learn how to proactively test what you have put in place to protect your data. In the first week you’ll be able to discuss the basics of deterrents and how to “trick” attackers into believing they’ve hit a goldmine of data away from your real systems. In week 2, you’ll be able to understand and discuss the steps of penetration testing methodology. In week 3, you will be able to understand and apply what you have learned on your own systems to test whether your systems are secure or not. In week 4, we’ll discuss planning for your own methodology that you can apply to your own systems. And finally in week 5, we’ll finish up with a project that will allow you to test your skills in a safe environment.

查看授课大纲

审阅

4.7（207 个评分）

5 stars
78.74%
4 stars
14%
3 stars
3.86%
2 stars
1.44%
1 star
1.93%

MT

Nov 13, 2020

Very helpful in building knowledge towards more advance security related certifications. This, for me, was good in terms of understanding the surface of Ethical Hacking.

SS

Apr 15, 2018

Great Class. I learned a lot, especially at the end or the peer based grading final. It really made you put your thinking cap on and act like a red teamer.

从本节课中

Exploiting OWASP Top 20 Controls

This is the course project. The goal is for you to compromise or gain data from a test system.

教学方

Greg Williams
Lecturer

以免费的价格试听课程

脚本

Let's talk about your project. Mutillidae is a vulnerable web application. I've installed it on a server here on campus to help you go through the entire penetration testing process. This is the latest version of Mutillidae, and it was released I believe some time in June or July of 2017. It has the latest top ten controls for 2017. Now, those aren't out yet, but it does have them in there. It also can help you through OWASP 2013 and OWASP 2010 as well. So if we go to OWASP 2017, and we go to SQL Injection, we go to the first one here. Let's get some user information. This is going to help us exploit it. This is vulnerable and the hints are on right now. So it says, try injecting single-quotes and other special control characters to produce an error if possible. So if we try that, and let's just use a tick-mark, And it gives us information, gives us error messages. Error messages are great because we know that something is not handled correctly. So, go through the documentation, go through the usage instructions under documentation. Look online, there's videos out there to help you along. What I want you to understand is this application, is a safe application to test information on. Now you're going to be testing with a number of different other people. If something breaks, please put it in the discussion board, email me, tell me to reset the database. If I click Reset Database actually it's going to just do it anyway. So when you're done with it you may want to do that anyway just to be nice to the next person that comes in. But all these are vulnerable, all these top ten controls we can use something to exploit or use it to exploit another system or it's own web application. So, I hope you had fun with the course. Let me know if you have fun with the project. Use your peers, use the Internet, like I've always said, and what the introduction says, if you're not using the Internet to look at information, somebody else has already done it. So don't reinvent the wheel, I understand that you have to learn, but learn by doing. Learn how to look up information and exploit systems without spinning your wheels, look at examples. And I may see you in another course soon.

探索我们的目录

免费加入并获得个性化推荐、更新和优惠。

Coursera Footer

热门在线课程

Finding Purpose & Meaning in Life
Understanding Medical Research
Japanese for Beginners
Introduction to Cloud Computing
Foundations of Mindfulness
Fundamentals of Finance
机器学习
使用 SAS Viya 进行机器学习
幸福科学
Covid-19 Contact Tracing
适用于所有人的人工智能课程
金融市场
心理学导论
Getting Started with AWS
International Marketing
C++
Predictive Analytics & Data Mining
UCSD Learning How to Learn
Michigan Programming for Everybody
JHU R Programming
Google CBRS CPI Training

热门在线专项课程

Natural Language Processing (NLP)
AI for Medicine
Good with Words: Writing & Editing
Infections Disease Modeling
The Pronounciation of American English
Software Testing Automation
深度学习
零基础 Python 入门
数据科学
商务基础
Excel 办公技能
Data Science with Python
Finance for Everyone
Communication Skills for Engineers
Sales Training
职业品牌管理职业生涯品牌管理
Wharton Business Analytics
Penn Positive Psychology
Washington Machine Learning
CalArts Graphic Design

在线证书

专业证书
MasterTrack 证书
Google IT 支持
IBM 数据科学
Google Cloud Data Engineering
IBM Applied AI
Google Cloud Architecture
IBM Cybersecurity Analyst
Google IT Automation with Python
IBM z/OS Mainframe Practitioner
UCI Applied Project Management
Instructional Design Certificate
Construction Engineering and Management Certificate
Big Data Certificate
Machine Learning for Analytics Certificate
Innovation Management & Entrepreneurship Certificate
Sustainabaility and Development Certificate
Social Work Certificate
AI and Machine Learning Certificate
Spatial Data Analysis and Visualization Certificate

在线学位课程

Computer Science Degrees
Business Degrees
公共卫生学位
Data Science Degrees
学士学位
计算机科学学士
MS Electrical Engineering
Bachelor Completion Degree
MS Management
MS Computer Science
MPH
Accounting Master's Degree
MCIT
MBA Online
数据科学应用硕士
Global MBA
Master's of Innovation & Entrepreneurship
MCS Data Science
Master's in Computer Science
公共健康硕士

Coursera

关于
我们提供的内容
管理团队
工作机会
目录
证书
MasterTrack™ 证书
学位
企业版
政府版
面向校园

社区

学生
合作伙伴
开发者
Beta 测试人员
专业译员
博客
技术博客
教学中心

更多

条款
隐私
帮助
内容访问
媒体
联系我们
目录
附属公司

随时随地学习

通过 Google Play 获取

© 2021 Coursera Inc.保留所有权利。