Sandra Escandor-O'Keefe

This course will help you build a foundation in some of the fundamental concepts of secure programming. We will learn about the concepts of threat modeling and cryptography, and you'll be able to start creating threat models and thinking critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling of user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection.

We'll also cover application authentication and session management. Authentication is a major component of a secure web application, and session management is the other side of the same coin, since the authenticated state of a user's requests needs to be properly handled and tied to one session. We'll learn about sensitive data exposure issues and how you can help protect your customers' data. We'll cover how to effectively store password-related information, and why not to store the actual plaintext passwords. We'll participate in a coding assignment that will help you to better understand the mechanisms for effectively storing password-related information.

Along the way, we'll discuss ways of watching out for and mitigating these issues, and we'll be able to have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.

What's inside

Syllabus

Foundational Topics in Secure Programming
In this module, you will gain exposure to the ideas of threat modeling and applied cryptography. By the end of the module, you will be able to start to create threat models, and think critically about the threat models created by other people. You will be able to apply the STRIDE Method to your threat model and distinguish the trust boundaries in a given system. You will also gain a basic understanding of applied cryptography, such as encryption and secure hashing.
Injection Problems
By the end of this module, you will have a fundamental understanding of injection problems in web applications. You'll be able to discuss and describe the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. In order to drive home these concepts, you will be able to work on exploiting a SQL injection vulnerability in the WebGoat application. You'll be able to formulate plans to mitigate injection problems in your applications.
Problems Arising From Broken Authentication
By the end of this module, you will be able to evaluate a system to determine whether it follows the generally prescribed secure methods for authentication and session management in web applications. You'll be able to distinguish the relationship between authentication, session management, and access control. You will also be able to exploit WebGoat's authentication and session management vulnerability, and you will be able to evaluate a system to determine whether it performs sufficient security logging such that non-repudiation is enforced. This will help drive home the concepts that you will learn in this module.
Sensitive Data Exposure Problems
By the end of this module, you will understand how to effectively store password-related information, and why NOT to store the actual plaintext passwords. You will also have a hands-on coding assignment that will help you to better understand the mechanisms for effectively storing password-related information. Ready?

Good to know

Know what's good, what to watch for, and possible dealbreakers
Covers key concepts and ideas that are standard in secure programming
Led by Sandra Escandor-O'Keefe, an instructor recognized for their work in secure programming
Teaches foundational topics which are highly relevant to secure programming
Develops deep expertise in secure programming and strengthens existing foundations
Provides a strong foundation for beginners and intermediate learners
Recommended for learners with experience in software development

Reviews summary

Valuable security vulnerabilities course

Learners say the Identifying Security Vulnerabilities course is a valuable learning experience for anyone who wants to learn about detecting security vulnerabilities. Peer-graded labs are fun, assignments are challenging and help solidify course content, and the instructor is knowledgeable and does an excellent job explaining concepts. While some learners found the first week of the course theoretical and its OWASP Top 10 coverage outdated, they generally agree that this course is great.
Course has a clear syllabus and well-structured modules with additional resources.
"The syllabus is in accordance with the goal of the course"
"The additional resources and reading is really nice"
Concepts are well-explained by knowledgeable instructor.
"Instructor is very knowledgeable."
"She explained things in a very concise and clear way."
"The instructor has much knowledge about the topics"
Engaging peer-graded labs and challenging assignments.
"Excellent course with a broad coverage of all the aspects involved in Application Security, clearly explained and the peer graded labs were fun to do!"
"Assignments are challenging and help solidify course content."
Outdated Java assignments and OWASP top 10 list.
"The course is really great and got to learn new & interesting concepts except that the webgoat installation tutorial/document is not up to date."
"you might want to check up on the current OWASP top 10, since this course is from 2017."
Course is mostly theory with a small hands-on component.
"KINDLY PROVIDE HANDS ON. THERE WAS NO HANDS ON, ALL THEORY, NOT MUCH USE IF STUDENTS GET ZERO PRACTICAL"
"First week very theoretical, while the last three become more practical."
"The information presented in this course is easy to digest and on point when discussing the identification of security vulnerabilities."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Identifying Security Vulnerabilities with these activities:
Follow a tutorial on threat modeling
Provides supplemental instruction on threat modeling before the course starts.
  • Identify a tutorial on threat modeling using the STRIDE method.
  • Work through the tutorial and complete any associated exercises.
Review cryptography textbook
Provides necessary background knowledge in cryptography before the course begins.
  • Read chapters 1-3 of the textbook.
  • Complete the end-of-chapter exercises.
Organize and summarize course materials
Facilitates ongoing review and retention of course material.
  • Create a dedicated notebook or digital document for class notes.
  • Summarize key concepts and insights from each lecture and reading assignment.
Participate in peer-led study group
Provides opportunities to discuss course material and ask questions.
  • Join or create a peer-led study group.
  • Meet regularly to discuss course topics and assignments.
Complete SQL injection practice exercises
Reinforces SQL injection attack techniques throughout the course.
  • Work through the SQL injection exercises on the WebGoat platform.
  • Attempt to exploit a SQL injection vulnerability in a real-world application.
Create a threat model for a given system
Applies threat modeling techniques learned in the course.
  • Identify a real-world system or application to analyze.
  • Apply the STRIDE method to identify potential threats and vulnerabilities.
  • Document the threat model in a written report.
Contribute to an open-source security project
Provides practical experience in applying secure programming principles after the course.
  • Identify an open-source security project that interests you.
  • Review the project's documentation and codebase.
  • Identify an area where you can contribute to the project.
  • Make a pull request with your proposed changes.

Career center

Learners who complete Identifying Security Vulnerabilities will develop knowledge and skills that may be useful to these careers:
Software Developer
Software Developers design, develop, and maintain computer software. They may also be responsible for testing and debugging software, and for writing documentation. The Identifying Security Vulnerabilities course may be useful for Software Developers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Software Developers to write more secure code and to avoid common security pitfalls.
Security Manager
Security Managers are responsible for managing and overseeing an organization's security program. They may also be responsible for developing and implementing security policies and procedures, conducting security audits, and training employees on security best practices. The Identifying Security Vulnerabilities course may be useful for Security Managers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Security Managers to better understand the potential risks to an organization's systems and to develop more effective security measures.
Security Engineer
Security Engineers design, implement, and maintain security systems to protect an organization's computer networks and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. They may also be responsible for developing and implementing security policies and procedures, conducting security audits, and training employees on security best practices. The Identifying Security Vulnerabilities course may be useful for Security Engineers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Security Engineers to better understand the potential risks to systems and to develop more effective security measures.
Web Developer
Web Developers design, develop, and maintain websites and web applications. They may also be responsible for testing and debugging websites and web applications, and for writing documentation. The Identifying Security Vulnerabilities course may be useful for Web Developers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Web Developers to write more secure code and to avoid common security pitfalls.
Security Architect
Security Architects design and implement security architectures for organizations. They may also be responsible for developing and implementing security policies and procedures, conducting security audits, and training employees on security best practices. The Identifying Security Vulnerabilities course may be useful for Security Architects because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Security Architects to better understand the potential risks to systems and to develop more effective security measures.
Chief Information Security Officer (CISO)
Chief Information Security Officers (CISOs) are responsible for overseeing an organization's information security program. They may also be responsible for developing and implementing security policies and procedures, conducting security audits, and training employees on security best practices. The Identifying Security Vulnerabilities course may be useful for CISOs because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help CISOs to better understand the potential risks to an organization's systems and to develop more effective security measures.
Compliance Manager
Compliance Managers are responsible for ensuring that an organization complies with all applicable laws and regulations. They may also be responsible for developing and implementing compliance policies and procedures, and for training employees on compliance best practices. The Identifying Security Vulnerabilities course may be useful for Compliance Managers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Compliance Managers to better understand the potential risks to an organization's systems and to develop more effective compliance measures.
Penetration Tester
Penetration Testers are responsible for testing the security of computer networks and systems by simulating attacks from malicious actors. They use a variety of tools and techniques to identify vulnerabilities in systems and to exploit those vulnerabilities to gain unauthorized access. The Identifying Security Vulnerabilities course may be useful for Penetration Testers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Penetration Testers to better understand the potential risks to systems and to develop more effective testing strategies.
Systems Administrator
Systems Administrators are responsible for managing and maintaining computer systems. They may also be responsible for designing and implementing system security measures, and for training employees on system security best practices. The Identifying Security Vulnerabilities course may be useful for Systems Administrators because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Systems Administrators to better understand the potential risks to systems and to develop more effective security measures.
Network Administrator
Network Administrators are responsible for managing and maintaining computer networks. They may also be responsible for designing and implementing network security measures, and for training employees on network security best practices. The Identifying Security Vulnerabilities course may be useful for Network Administrators because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Network Administrators to better understand the potential risks to networks and to develop more effective security measures.
Risk Manager
Risk Managers are responsible for identifying, assessing, and mitigating risks to an organization. They may also be responsible for developing and implementing risk management policies and procedures, and for training employees on risk management best practices. The Identifying Security Vulnerabilities course may be useful for Risk Managers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Risk Managers to better understand the potential risks to an organization's systems and to develop more effective risk management strategies.
Auditor
Auditors are responsible for examining and evaluating an organization's financial and operational records to ensure accuracy and compliance. They may also be responsible for developing and implementing audit policies and procedures, and for training employees on audit best practices. The Identifying Security Vulnerabilities course may be useful for Auditors because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Auditors to better understand the potential risks to an organization's systems and to develop more effective audit procedures.
Database Administrator
Database Administrators are responsible for managing and maintaining databases. They may also be responsible for designing and implementing database security measures, and for training employees on database security best practices. The Identifying Security Vulnerabilities course may be useful for Database Administrators because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Database Administrators to better understand the potential risks to databases and to develop more effective security measures.
Security Consultant
Security Consultants provide advice and guidance to organizations on how to improve their security posture. They may also be responsible for conducting security assessments, developing security plans, and implementing security measures. The Identifying Security Vulnerabilities course may be useful for Security Consultants because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Security Consultants to better understand the potential risks to systems and to develop more effective security recommendations.
Information Security Analyst
Information Security Analysts design, implement, and oversee an organization's security measures to protect its computer networks and systems. They may also be responsible for developing and implementing security policies and procedures, conducting security audits, and training employees on security best practices. The Identifying Security Vulnerabilities course may be useful for Information Security Analysts because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Information Security Analysts to better understand the potential risks to an organization's systems and to develop more effective security measures.

Reading list

We've selected eight books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Identifying Security Vulnerabilities.
Provides a comprehensive overview of web application security vulnerabilities and how they are exploited. It is a valuable resource for anyone who wants to learn more about web application security testing.
Provides a comprehensive overview of secure coding principles and practices. It is a valuable resource for anyone who wants to learn more about how to write secure code.
Provides a comprehensive overview of cryptography engineering principles and practices. It is a valuable resource for anyone who wants to learn more about how to design and implement secure systems.
Provides a practical guide to penetration testing. It is a valuable resource for anyone who wants to learn more about how to test the security of computer systems.
Provides a comprehensive overview of cryptography and network security principles and practices. It is a valuable resource for anyone who wants to learn more about how to protect data and networks from cyberattacks.

Similar courses

Here are nine courses similar to Identifying Security Vulnerabilities.
Specialized Testing: Command Injection
Most relevant
Specialized Testing: Sessions and Tokens
Most relevant
Secure Coding in React
Most relevant
Analyzing and Visualizing Data in Looker
Most relevant
Securing Your Node.js 5 Web App
Most relevant
Web Application Security Testing with Burp Suite
Most relevant
Data Security Champion: SQL Injection and Prevention
Ivanti Connect Secure VPN Vulnerability: What You Should...
Software Security
© 2016 - 2024 OpenCourser