Course Summary
Learn how to identify security vulnerabilities and protect your organization from cyber attacks in this comprehensive course.Key Learning Points
- Discover common vulnerabilities in web applications and networks
- Learn how to conduct security assessments
- Understand how to mitigate security risks and protect against attacks
Related Topics for further study
- Web Application Security
- Network Vulnerabilities
- Security Assessments
- Risk Mitigation
- Penetration Testing
Learning Outcomes
- Ability to identify and assess security vulnerabilities
- Understanding of common attack methods and how to protect against them
- Skills to conduct security assessments and implement risk mitigation strategies
Prerequisites or good to have knowledge before taking this course
- Basic knowledge of computer networks and web technologies
- Familiarity with security concepts and terminology
Course Difficulty Level
IntermediateCourse Format
- Online
- Self-paced
- Video lectures
- Hands-on exercises
Similar Courses
- Penetration Testing and Ethical Hacking
- Cybersecurity Fundamentals
- Network Security
Related Education Paths
- Certified Information Systems Security Professional (CISSP)
- Certified Ethical Hacker (CEH)
- CompTIA Security+
Notable People in This Field
- Bruce Schneier
- Eva Galperin
- Mikko Hyppönen
Related Books
Description
This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection.
Outline
- Foundational Topics in Secure Programming
- Course Introduction
- Module 1 Introduction
- Fundamental Concepts in Security
- The STRIDE Method Via Example
- STRIDE Threats In More Detail Via Example
- Trust Boundaries
- Cryptography Basics Introduction
- Cryptography Basics: Block Ciphers
- Cryptography Basics: Symmetric and Asymmetric Cryptography
- Cryptography Basics: Hash Functions
- Cryptography Basics: Application to Threat Models
- Lab: Threat Model Activity
- OWASP Top 10 Proactive Controls and Exploits - Part 1
- OWASP Top 10 Proactive Controls and Exploits - Part 2
- A Note From UC Davis
- Welcome to Peer Review Assignments!
- Reading and Resource
- Module 1 Quiz
- Injection Problems
- Module 2 Introduction
- General Concepts: Injection Problems
- SQL Injection Problems
- Mitigating SQL Injection Using Prepared Statements
- Mitigating SQL Injection Using Stored Procedures
- Mitigating SQL Injection Using Whitelisting
- Injection Problems in Real Life
- Solution Screencast for Lab: Exploit Using WebGoat's SQLi Example
- Cross-Site Scripting Introduction
- HTTP and Document Isolation
- DOM, Dynamically Generating Pages, and Cross-Site Scripting
- The 3-Kinds of Cross-Site Scripting Vulnerabilities
- Comparing and Contrasting Cross-Site Scripting Vulnerabilities
- OWASP Prescribed Cross-site Scripting Prevention Rules - Part 1
- OWASP Prescribed Cross-site Scripting Prevention Rules - Part 2
- Command Injection Problems
- OWASP Proactive Controls Related to Injections
- Resources
- Module 2 Quiz
- Problems Arising From Broken Authentication
- Module 3 Introduction
- Overview of HTTP Protocol
- Introduction to Authentication
- Handling Error Messages During Authentication
- Introduction to Session Management
- Enforcing Access Control with Session Management
- Session Management Threat: Bruteforce Session IDs
- Session Management Theat: Session Fixation Vulnerabilities
- Logging and Monitoring
- Solution for Lab #3: WebGoat’s Session Management Vulnerability
- OWASP Proactive Controls Related to Session Management and Authentication
- Resources
- Module 3 Quiz
- Sensitive Data Exposure Problems
- Module 4 Introduction
- Introduction to Sensitive Data Exposure Problems
- Issue 1: Using PII to Compose Session IDs
- Issue 2: Not Encrypting Sensitive Information
- Issue 3: Improperly Storing Passwords
- Slowing Down Password Bruteforce Attacks
- Issue 4: Using HTTP for Sensitive Client-server
- OWASP Proactive Controls Related to Sensitive Data Exposure
- Course Summary
- Resources
- Module 4 Quiz
Sandra Escandor-O'Keefe
4.6 Raiting
Code & Grow Rich: Earn More As An Entrepreneur Or Developer
- 4.2
-
![]()
![]()
![]()
![]()
![]()
Make More Money as an Entrepreneur, Web & Mobile App Developer, Software Engineer, Startup Junkie, or Programmer ----------------------------------------------------------------------------------------------------------------*Feb 16th 2016* -----------------------------------------------------------------------------------------------------------------...
IT Networking Fundamentals: CompTIA Network+ 2016
- 0.0
-
![]()
![]()
![]()
![]()
![]()
Learn what Network+ is by understanding how to build, manage, and protect the critical asset that is the data network. Welcome to IT Networking Fundamentals: CompTIA Network+ 2016 from LearnSmart....
Web application Penetration testing & Security
- 0.0
-
![]()
![]()
![]()
![]()
![]()
Hunting bugs in Web applications from security perspective - Web application security tester - Beginner to Advanced Combining the most advanced techniques used by offensive hackers to exploit and secure....
SonarQube SonarCloud - Continuous Inspection and Code Review
- 0.0
-
![]()
![]()
![]()
![]()
![]()
Automated continuous inspection and code quality. SonarQube and SonarCloud to analyse 25+ languages in real time SonarQube Continuous Inspection tool for Code Quality....
