In this MOOC you will learn how to hack web apps with command injection vulnerabilities in a web site of your AWS Linux instance. You will learn how to search valuable information on a typical Linux systems with LAMP services and deposit and hide Trojans for future exploitation.
You will learn how to patch these web apps with input validation using regular expression. You will learn a security design pattern to avoid introducing injection vulnerabilities by input validation and replacing generic system calls with specific function calls. You will learn how to hack web apps with SQL injection vulnerabilities and retrieve user profile information and passwords.
You will learn how to patch them with input validation and SQL parameter binding. You will learn the hacking methodology Nessus tool for scanning vulnerabilities Kali Linux for penetration testing and Metasploit Framework for gaining access to vulnerable Windows Systems deploying keylogger and perform Remote VNC server injection. You will learn security in memory systems and virtual memory layout and understand buffer overflow attacks and their defenses.
You will learn how to clone a Kali instance with AWS P2 GPU support and perform hashcat password cracking using dictionary attacks and known pattern mask attacks.
WEEK 1
4 hours to complete
Injection Web App Attacks and Their Defenses
In this module we will learn how to hack web app with command injection vulnerability with only four characters malicious string. We will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query. We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn how to apply security design pattern to defend injection attacks and enhance web security.
SHOW ALL SYLLABUS
SHOW ALL
4 videos (Total 34 min) 2 readings 2 quizzes
WEEK 2
6 hours to complete
Hack SQL Databases and Patch Web Apps with SQL Injection Vulnerabilities
In this module we will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query.We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn the eight-step hacker methodology for exploit systems. For the escalating privilege techniques we show how to leverage command injection vulnerability to search file systems and deposit/hide Trojans for future exploit.
SHOW ALL SYLLABUS
SHOW ALL
6 videos (Total 54 min) 5 readings 2 quizzes
WEEK 3
2 hours to complete
Memory Attacks and Defenses
In this module we learn about the typical protection mechanism provided by the modern OS to prevent process from accessing other pages data belong different process. We will also learn buffer overflow attacks and their common defenses.
4 videos (Total 51 min) 2 readings 1 quiz
WEEK 4
4 hours to complete
Penetration Testing
In this module we will learn how to perform Vulnerability Scanning with Nessus tool learn to perform penetration testing using tools included in Kali Linux distribution and to use Metasploit Framework to take control a vulnerable machine deploy keylogger run remote shell and remote VNC injection. We will also learn how to clone an AWS P2.xlarge GPU instance from a Ubuntu image with hashcat software to crack passwords.
6 videos (Total 37 min) 3 readings 2 quizzes
Tham gia đánh giá khóa học
Nếu bạn đã học qua khóa học này thì mời bạn tham gia đóng góp ý kiến và đánh giá để cộng đồng bạn học có thêm thông tin tham khảo.
Cung cấp bởi: Coursera / University of Colorado System
Thời lượng: 17 hours
Ngôn ngữ giảng dạy: Tiếng Anh
Chi phí: Miễn phí / 0
Đối tượng: Intermediate
Thông tin về nhà cung cấp
Coursera (/ kərˈsɛrə /) là một nền tảng học tập trực tuyến toàn cầu được thành lập vào năm 2012 bởi 2 giáo sư khoa học máy tính của đại học Stanford là Andrew Ng và Daphne Koller, nền tảng này cung cấp các khóa học trực tuyến (MOOC) cho cộng đồng người học online.
Coursera hợp tác với các trường đại học danh tiếng tại Bắc Mỹ và trên khắp thế giới, cùng với nhiều tổ chức khác để cung cấp các khóa học trực tuyến chất lượng, theo chuyên ngành và được cấp chứng chỉ trong nhiều lĩnh vực như kỹ thuật, khoa học dữ liệu, học máy, toán học, kinh doanh, khoa học máy tính, tiếp thị kỹ thuật số, nhân văn, y học, sinh học, khoa học xã hội , và nhiều ngành khác.