Explore

Software Security

Approx. 18 hours to complete

Save Course

Go to Course

Course Summary

This course focuses on teaching the fundamental principles for developing secure software applications. Students will learn how to identify and mitigate common security vulnerabilities in software and how to implement best practices for secure coding.

Key Learning Points

Learn the basics of software security and how to identify common vulnerabilities
Understand best practices for secure coding and how to implement them in your applications
Gain hands-on experience with tools and techniques for testing and securing software

Learning Outcomes

Develop a thorough understanding of software security principles
Identify and mitigate common security vulnerabilities in software
Implement best practices for secure coding in your applications

Prerequisites or good to have knowledge before taking this course

Basic programming knowledge
Familiarity with software development concepts

Course Difficulty Level

Intermediate

Course Format

Online self-paced course
Video lectures with quizzes and exercises

Similar Courses

Cybersecurity Fundamentals
Secure Coding Practices
Penetration Testing and Ethical Hacking

Related Education Paths

Related Books

Description

This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.

Outline

OVERVIEW
Introducing Computer Security
What is software security?
Tour of the course and expected background
Introductory Reading
Syllabus
FAQ and Errata
Glossary
Qualifying Quiz

LOW-LEVEL SECURITY
Low Level Security: Introduction
Memory Layout
Buffer Overflow
Code Injection
Other Memory Exploits
Format String Vulnerabilities
Week 1 Reading
Project 1
Week 1 quiz
VM BOF quiz

DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defenses Against Low-Level Attacks: Introduction
Memory Safety
Type Safety
Avoiding Exploitation
Return Oriented Programming - ROP
Control Flow Integrity
Secure Coding
Week 2 Reading
Week 2 quiz

WEB SECURITY
Security for the Web: Introduction
Web Basics
SQL Injection
SQL Injection Countermeasures
Web-based State Using Hidden Fields and Cookies
Session Hijacking
Cross-site Request Forgery - CSRF
Web 2.0
Cross-site Scripting
Interview with Kevin Haley
Week 3 Reading
Project 2
BadStore quiz
Week 3 quiz

SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software: Introduction
Threat Modeling, or Architectural Risk Analysis
Security Requirements
Avoiding Flaws with Principles
Design Category: Favor Simplicity
Design Category: Trust With Reluctance
Design Category: Defense in Depth, Monitoring/Traceability
Top Design Flaws
Case Study: Very Secure FTP daemon
Interview with Gary McGraw
Week 4 Reading
Week 4 quiz

PROGRAM ANALYSIS
Static Analysis: Introduction part 1
Static Analysis: Introduction part 2
Flow Analysis
Flow Analysis: Adding Sensitivity
Context Sensitive Analysis
Flow Analysis: Scaling it up to a Complete Language and Problem Set
Challenges and Variations
Introducing Symbolic Execution
Symbolic Execution: A Little History
Basic Symbolic Execution
Symbolic Execution as Search, and the Rise of Solvers
Symbolic Execution Systems
Interview with Andy Chou
Week 5 Reading
Project 3
Project 3 quiz
Week 5 quiz

PEN TESTING
Penetration Testing: Introduction
Pen Testing
Fuzzing
Interview with Eric Eames
Interview with Patrice Godefroid
Week 6 Reading
Week 6 quiz

Summary of User Reviews

The Software Security course on Coursera has received positive reviews from many users. The course has been praised for its comprehensive coverage of software security and practical examples that help students understand the concepts.

Key Aspect Users Liked About This Course

The course has been praised for its practical examples that help students understand the concepts.

Pros from User Reviews

Comprehensive coverage of software security
Practical examples that help students understand the concepts
Well-structured and easy to follow
Engaging and knowledgeable instructors
Useful assignments and assessments

Cons from User Reviews

Some users found the course content to be too basic
A few technical issues reported
Limited interaction with instructors and peers
Lack of focus on specific programming languages
Some users felt the course was too theoretical

Recommended for you

Microsoft Project 2019: Comprehensive Beginner Course

Claim 8. 5 PDUs in this MS Project 2019 Course aimed at complete beginners with follow-along project exercises **This course includes practice exercises and LIFETIME access**...

Save Course

Beyond Basic Programming - Intermediate Python

Take your Python skills to the next level. Learn how expert programmers work with code and the techniques they use. How do you become a guru?...

Save Course

VMwar vSphere 7 Foundations: install, configure, manage [v7]

This VMware vSphere 7 Training is Full Demos of vSphere 7 VCP, Create vSphere Home Lab, Lifecycle Manager, New Features Interested in learning how to virtualize your environment?...

Save Course

Architecting with Google Kubernetes Engine: Workloads

Course Introduction Course Introduction Getting Started with Google Cloud Platform and Qwiklabs Welcome and Getting Started Guide! How to Send Feedback...

Save Course