Sandra Escandor-O'Keefe

This course will help you build a foundation in some of the fundamental concepts of secure programming. We will learn about the concepts of threat modeling and cryptography, and you'll be able to start creating threat models and to think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling of user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection.


We'll also cover application authentication and session management. Authentication is a major component of a secure web application, and session management is the other side of the same coin, since the authenticated state of a user's requests needs to be properly handled and tied to one session. We'll learn about sensitive data exposure issues and how you can help protect your customers' data. We'll cover how to effectively store password-related information rather than the actual plaintext passwords. We'll participate in a coding assignment that will help you better understand the mechanisms for effectively storing password-related information.

Along the way, we'll discuss ways of watching out for and mitigating these issues, and we'll have some fun exploiting two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.


What's inside

Syllabus

Foundational Topics in Secure Programming
In this module, you will gain exposure to the ideas of threat modeling and applied cryptography. By the end of the module, you will be able to start to create threat models, and think critically about the threat models created by other people. You will be able to apply the STRIDE Method to your threat model and distinguish the trust boundaries in a given system. You will also gain a basic understanding of applied cryptography, such as encryption and secure hashing.

Traffic lights

Covers key concepts and ideas that are standard in secure programming
Led by Sandra Escandor-O'Keefe, an instructor recognized for their work in secure programming
Teaches foundational topics which are highly relevant to secure programming
Develops deep expertise in secure programming and strengthens existing foundations
Provides a strong foundation for beginners and intermediate learners
Recommended for learners with experience in software development


Reviews summary

Practical web security vulnerability identification

According to learners, this course provides a solid foundation in identifying common web security vulnerabilities. Many highlight the hands-on labs using WebGoat as especially valuable, since they help in understanding concepts like injection and authentication flaws. Explanations of topics like threat modeling are often found to be clear. While the course is an excellent introduction, some students feel it could benefit from more advanced content or better support for the lab environments.
May need additional study for advanced topics.
"While it's a solid intro, the course doesn't go deep into mitigation techniques or more complex attack vectors. I'll need to look elsewhere for that."
"It provides a good overview, but felt a bit basic if you already have some background in development or security."
"This course is excellent for beginners, but intermediate learners might find it lacks the depth needed for professional roles."
Coding assignment on passwords is useful.
"The assignment on securely storing passwords was particularly practical and insightful for my development work."
"I appreciated the specific coding assignment focusing on password hashing; it was a valuable practical takeaway."
"Learning the right way to handle password data through the assignment was a major highlight."
Concepts are explained well for beginners.
"The lectures explained the fundamental concepts of threat modeling and injection problems very clearly. It felt accessible even without deep prior knowledge."
"I found the instructor's explanations concise and easy to follow, laying a good groundwork for understanding common vulnerabilities."
"This course provided a great basic understanding of web security issues like XSS and command injection."
Hands-on practice is a key strength.
"The WebGoat labs were incredibly helpful for understanding how these vulnerabilities actually work in practice. Exploiting them myself really solidified the concepts."
"I really liked the hands-on exercises in WebGoat; it made the theoretical concepts much clearer and provided practical experience."
"The practical assignments with WebGoat were the best part. They are essential for anyone trying to grasp web security beyond just reading about it."
Some students face challenges with labs.
"I spent a significant amount of time just trying to get the WebGoat environment set up correctly, which was frustrating."
"The instructions for setting up the labs weren't always clear, requiring external searching to troubleshoot issues."
"While the labs are great, technical glitches or setup problems can hinder progress for some students."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Identifying Security Vulnerabilities with these activities:
Follow a tutorial on threat modeling
Provides supplemental instruction on threat modeling before the course starts.
  • Identify a tutorial on threat modeling using the STRIDE method.
  • Work through the tutorial and complete any associated exercises.
Review cryptography textbook
Provides necessary background knowledge in cryptography before the course begins.
  • Read chapters 1-3 of the textbook.
  • Complete the end-of-chapter exercises.
Organize and summarize course materials
Facilitates ongoing review and retention of course material.
  • Create a dedicated notebook or digital document for class notes.
  • Summarize key concepts and insights from each lecture and reading assignment.
Participate in peer-led study group
Provides opportunities to discuss course material and ask questions.
  • Join or create a peer-led study group.
  • Meet regularly to discuss course topics and assignments.
Complete SQL injection practice exercises
Reinforces SQL injection attack techniques throughout the course.
  • Work through the SQL injection exercises on the WebGoat platform.
  • Attempt to exploit a SQL injection vulnerability in a real-world application.
Create a threat model for a given system
Applies threat modeling techniques learned in the course.
  • Identify a real-world system or application to analyze.
  • Apply the STRIDE method to identify potential threats and vulnerabilities.
  • Document the threat model in a written report.
Contribute to an open-source security project
Provides practical experience in applying secure programming principles after the course.
  • Identify an open-source security project that interests you.
  • Review the project's documentation and codebase.
  • Identify an area where you can contribute to the project.
  • Make a pull request with your proposed changes.

Career center

Learners who complete Identifying Security Vulnerabilities will develop knowledge and skills that may be useful to these careers:
Web Developer
Web Developers design, develop, and maintain websites and web applications. They may also be responsible for testing and debugging websites and web applications, and for writing documentation. The Identifying Security Vulnerabilities course may be useful for Web Developers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Web Developers to write more secure code and to avoid common security pitfalls.
Chief Information Security Officer (CISO)
Chief Information Security Officers (CISOs) are responsible for overseeing an organization's information security program. They may also be responsible for developing and implementing security policies and procedures, conducting security audits, and training employees on security best practices. The Identifying Security Vulnerabilities course may be useful for CISOs because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help CISOs to better understand the potential risks to an organization's systems and to develop more effective security measures.
Security Architect
Security Architects design and implement security architectures for organizations. They may also be responsible for developing and implementing security policies and procedures, conducting security audits, and training employees on security best practices. The Identifying Security Vulnerabilities course may be useful for Security Architects because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Security Architects to better understand the potential risks to systems and to develop more effective security measures.
Security Manager
Security Managers are responsible for managing and overseeing an organization's security program. They may also be responsible for developing and implementing security policies and procedures, conducting security audits, and training employees on security best practices. The Identifying Security Vulnerabilities course may be useful for Security Managers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Security Managers to better understand the potential risks to an organization's systems and to develop more effective security measures.
Security Engineer
Security Engineers design, implement, and maintain security systems to protect an organization's computer networks and systems from unauthorized access, use, disclosure, disruption, modification, or destruction. They may also be responsible for developing and implementing security policies and procedures, conducting security audits, and training employees on security best practices. The Identifying Security Vulnerabilities course may be useful for Security Engineers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Security Engineers to better understand the potential risks to systems and to develop more effective security measures.
Software Developer
Software Developers design, develop, and maintain computer software. They may also be responsible for testing and debugging software, and for writing documentation. The Identifying Security Vulnerabilities course may be useful for Software Developers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Software Developers to write more secure code and to avoid common security pitfalls.
Risk Manager
Risk Managers are responsible for identifying, assessing, and mitigating risks to an organization. They may also be responsible for developing and implementing risk management policies and procedures, and for training employees on risk management best practices. The Identifying Security Vulnerabilities course may be useful for Risk Managers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Risk Managers to better understand the potential risks to an organization's systems and to develop more effective risk management strategies.
Compliance Manager
Compliance Managers are responsible for ensuring that an organization complies with all applicable laws and regulations. They may also be responsible for developing and implementing compliance policies and procedures, and for training employees on compliance best practices. The Identifying Security Vulnerabilities course may be useful for Compliance Managers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Compliance Managers to better understand the potential risks to an organization's systems and to develop more effective compliance measures.
Auditor
Auditors are responsible for examining and evaluating an organization's financial and operational records to ensure accuracy and compliance. They may also be responsible for developing and implementing audit policies and procedures, and for training employees on audit best practices. The Identifying Security Vulnerabilities course may be useful for Auditors because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Auditors to better understand the potential risks to an organization's systems and to develop more effective audit procedures.
Penetration Tester
Penetration Testers are responsible for testing the security of computer networks and systems by simulating attacks from malicious actors. They use a variety of tools and techniques to identify vulnerabilities in systems and to exploit those vulnerabilities to gain unauthorized access. The Identifying Security Vulnerabilities course may be useful for Penetration Testers because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Penetration Testers to better understand the potential risks to systems and to develop more effective testing strategies.
Security Consultant
Security Consultants provide advice and guidance to organizations on how to improve their security posture. They may also be responsible for conducting security assessments, developing security plans, and implementing security measures. The Identifying Security Vulnerabilities course may be useful for Security Consultants because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Security Consultants to better understand the potential risks to systems and to develop more effective security recommendations.
Database Administrator
Database Administrators are responsible for managing and maintaining databases. They may also be responsible for designing and implementing database security measures, and for training employees on database security best practices. The Identifying Security Vulnerabilities course may be useful for Database Administrators because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Database Administrators to better understand the potential risks to databases and to develop more effective security measures.
Network Administrator
Network Administrators are responsible for managing and maintaining computer networks. They may also be responsible for designing and implementing network security measures, and for training employees on network security best practices. The Identifying Security Vulnerabilities course may be useful for Network Administrators because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Network Administrators to better understand the potential risks to networks and to develop more effective security measures.
Systems Administrator
Systems Administrators are responsible for managing and maintaining computer systems. They may also be responsible for designing and implementing system security measures, and for training employees on system security best practices. The Identifying Security Vulnerabilities course may be useful for Systems Administrators because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Systems Administrators to better understand the potential risks to systems and to develop more effective security measures.
Information Security Analyst
Information Security Analysts design, implement, and oversee an organization's security measures to protect its computer networks and systems. They may also be responsible for developing and implementing security policies and procedures, conducting security audits, and training employees on security best practices. The Identifying Security Vulnerabilities course may be useful for Information Security Analysts because it provides a foundation in secure programming concepts, including threat modeling, cryptography, and injection problems. This knowledge can help Information Security Analysts to better understand the potential risks to an organization's systems and to develop more effective security measures.

Reading list

We've selected eight books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Identifying Security Vulnerabilities.
Provides a comprehensive overview of web application security vulnerabilities and how they are exploited. It is a valuable resource for anyone who wants to learn more about web application security testing.
Provides a comprehensive overview of secure coding principles and practices. It is a valuable resource for anyone who wants to learn more about how to write secure code.
Provides a comprehensive overview of cryptography engineering principles and practices. It is a valuable resource for anyone who wants to learn more about how to design and implement secure systems.
Provides a practical guide to penetration testing. It is a valuable resource for anyone who wants to learn more about how to test the security of computer systems.
Provides a comprehensive overview of cryptography and network security principles and practices. It is a valuable resource for anyone who wants to learn more about how to protect data and networks from cyberattacks.



© 2016 - 2025 OpenCourser