About this course

13,027 recent views
Shareable Certificate
Earn a Certificate upon completion
100% online
Start instantly and learn at your own schedule.
Flexible deadlines
Reset deadlines in accordance with your schedule.
Intermediate level
Approx. 24 hours to complete
English
Subtitles: English

What you will learn

  • Practice protecting against various kinds of cross-site scripting (XSS) attacks.

  • Form plans to mitigate injection vulnerabilities in your web application.

  • Create strategies and controls to provide secure authentication.

  • Examine code to find and patch vulnerable components.

Skills you will gain

Java, secure programming, Java Programming, security

Offered by

University of California, Davis

Syllabus: what you will learn from this course

Week 1

7 hours to complete

Setup and Introduction to Cross Site Scripting Attacks

14 videos (Total 89 min), 3 readings, 2 quizzes
14 videos
Overview of Resources and Tools for This Course (4 min)
Setup and Introduction to Cross-site Scripting (1 min)
Tips and Tricks to Use Git for Course and Project (8 min)
How to Import WebGoat into IDE (7 min)
How to Run WebGoat in a Docker Container (5 min)
Injection Attacks: What They Are and How They Affect Us (9 min)
Cross-site Scripting (XSS), Part 1 (10 min)
Protecting Against Cross-site Scripting (XSS), Part 2 (9 min)
Patching Reflected Cross-site Scripting (XSS), Part 3 (6 min)
Stored Cross-site Scripting (XSS) (14 min)
Dangers of Cross-site Scripting (XSS) Attacks (4 min)
A Note About Finding Lessons on WebGoat (32s)
Introduction to Labs (Peer Reviewed) (2 min)
3 readings
A Note From UC Davis (10 min)
OWASP Cross Site Scripting Prevention Cheat Sheet (1 h)
Note About Peer Review Assignments (10 min)
1 practice exercise
Module 1 Quiz (30 min)
Week 2

7 hours to complete

Injection Attacks

10 videos (Total 80 min), 2 readings, 2 quizzes
10 videos
Tutorial: Using a Proxy to Intercept Traffic from Client to Servers (7 min)
SQL Syntax and Basics: Putting On the Attacker Hat (10 min)
Solution to SQL Injection Attacks (SQLi) (7 min)
SQL Injection Attacks: Evaluation of Code (13 min)
XML External Entity (XXE) Attacks (8 min)
Demo of an XML External Entity (XXE) Attack to Gain Remote Code Execution (RCE) (5 min)
Evaluation of Code - XXE through a REST Framework (8 min)
Solution: Evaluation of Code - XXE through a REST Framework (8 min)
Patching the XXE Vulnerability (9 min)
2 readings
OWASP SQL Injection Prevention Cheat Sheet (45 min)
OWASP XML External Entity Prevention Cheat Sheet (45 min)
1 practice exercise
Module 2 Quiz (30 min)
Week 3

6 hours to complete

Authentication and Authorization

12 videos (Total 57 min), 2 readings, 2 quizzes
12 videos
Introduction to Authentication Flaws in WebGoat (1 min)
Authentication Bypass Exploit (3 min)
Tips and Tricks for Burp Suite: Use Proxy to Intercept Traffic (4 min)
Solution to Authentication Bypass: Evaluation of Code (7 min)
Finding Vulnerabilities and Logical Flaws in Source Code (10 min)
Introduction to JSON Web Tokens (JWT) and Authentication Bypass (49s)
Authentication Flaw JSON Web Tokens (JWT) (7 min)
Solution Demo: Exploiting JSON Web Tokens (JWT) (8 min)
Evaluating Code to Find the JSON Web Tokens (JWT) Flaw (4 min)
Hint Video: (JWT) Patching the Vulnerable Code in WebGoat (47s)
Solution to Patch JWT Flaw (6 min)
2 readings
OWASP Transaction Authorization Cheat Sheet (1 h)
A Beginner's Guide to JWTs in Java (45 min)
1 practice exercise
Module 3 Quiz (30 min)
Week 4

4 hours to complete

Dangers of Vulnerable Components and Final Project

5 videos (Total 26 min), 3 readings, 2 quizzes
5 videos
Vulnerable Components (XStream Library) (9 min)
Solution: Fixing Vulnerabilities with XStream (11 min)
Introduction to Labs (Peer Reviewed) (2 min)
Course Summary (1 min)
3 readings
Article: How Hackers Broke Equifax: Exploiting a Patchable Vulnerabil (10 min)
Article: Exploiting OGNL Injection in Apache Struts (30 min)
Note About Peer Review Assignments (10 min)
1 practice exercise
Module 4 Practice Quiz (5 min)

Reviews

Top reviews for EXPLOITING AND SECURING VULNERABILITIES IN JAVA APPLICATIONS

About the Secure Coding Practices Specialization

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques. Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography, and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organization's information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing....

Frequently Asked Questions

  • Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:

    • The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.

    • The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

  • When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.

  • If you subscribed, you get a 7-day free trial during which you can cancel at no penalty. After that, we don’t give refunds, but you can cancel your subscription at any time. See our full refund policy.

  • Yes, Coursera provides financial aid to learners who cannot afford the fee. Apply for it by clicking on the Financial Aid link beneath the "Enroll" button on the left. You'll be prompted to complete an application and will be notified if you are approved. You'll need to complete this step for each course in the Specialization, including the Capstone Project. Learn more.

More questions? Visit the Learner Help Center.