In this course we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a user's browser, break authentication to gain access to data and functionality reserved for the 'Admins', and even exploit vulnerable components to run our code on a remote server and access some secrets.
We will also wear Defender Hats. We will dive deep into the code to fix the root cause of these issues and discuss various mitigation strategies. We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws, and we take aim at fixing some of these issues. Finally, we fix these issues in WebGoat and build our patched binaries.
Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.
WEEK 1
7 hours to complete
Setup and Introduction to Cross Site Scripting Attacks
In this module you will be able to use Git and GitHub to pull the needed source code. You will be able to run WebGoat in a Docker container and explain the reasons for doing so. You'll be able to describe cross-site scripting attacks and explain how these attacks happen and how to guard against them. You'll be able to differentiate between DOM-based, Reflected, and Stored cross-site scripting attacks. You will be able to practice protecting against various kinds of cross-site scripting attacks.
14 videos (Total 89 min), 3 readings, 2 quizzes
WEEK 2
7 hours to complete
Injection Attacks
In this module you will be able to exploit a SQL injection vulnerability and form plans to mitigate injection vulnerabilities in your web application. You will be able to discuss various approaches to finding and fixing XML Entity and SQL injection vulnerabilities. You'll be able to describe and protect against a man-in-the-middle attack and describe the thought process used to find SQL injection vulnerabilities by putting on the attacker's hat. You will be able to demonstrate how to properly modify queries to turn them into prepared statements, and analyze code using an XML viewer and text editor to find vulnerabilities. You'll also be able to navigate a large code base to find critical segments of code and patch vulnerabilities.
10 videos (Total 80 min), 2 readings, 2 quizzes
WEEK 3
6 hours to complete
Authentication and Authorization
In this module you will be able to evaluate authentication flaws of various kinds to identify potential problems and create strategies and controls to provide secure authentication. You'll be able to create and/or implement controls to mitigate authentication bypass and draw lessons from notable instances where others failed to authenticate users. You will be able to properly implement authentication methods like JSON Web Tokens (JWT). You will be able to find vulnerabilities in a large code base and provide a solution for demonstrating and exploiting JSON Web Tokens (JWT).
12 videos (Total 57 min), 2 readings, 2 quizzes
WEEK 4
4 hours to complete
Dangers of Vulnerable Components and Final Project
In this module you will be able to use the OWASP Dependency Checker while analyzing code and verify whether the code contains vulnerable components. You will be able to examine code to find and patch vulnerable components. You will be able to apply what you learned from the previous module activities to complete your final project.
5 videos (Total 26 min), 3 readings, 2 quizzes
Provided by: Coursera / University of California Davis
Duration: 24 hours
Language of instruction: English
Cost: Free / 0
Level: Intermediate
About the provider
Coursera (/kərˈsɛrə/) is a global online learning platform founded in 2012 by two Stanford University computer science professors, Andrew Ng and Daphne Koller; the platform offers massive open online courses (MOOCs) to the online learning community.
Coursera partners with leading universities in North America and around the world, along with many other organizations, to offer high-quality online courses, specializations and certificates in many fields such as engineering, data science, machine learning, mathematics, business, computer science, digital marketing, humanities, medicine, biology, social sciences, and many others.