This course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" program language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.
Este curso faz parte do Programa de cursos integrados Segurança cibernéticaSegurança Cibernética
Segurança de Software
oferecido por
Programa de cursos integrados Segurança cibernéticaSegurança CibernéticaUniversidade de Maryland, College Park
Informações sobre o curso
4.6
766 classificações
Habilidades que você terá
Fuzz TestingBuffer OverflowSql InjectionPenetration Test
Programa - O que você aprenderá com este curso
Semana
1OVERVIEW
Overview and expectations of the course
3 vídeos (total de (Total 26 mín.) min), 4 leituras, 1 teste
3 videos
What is software security?7min
Tour of the course and expected background11min
4 leituras
Introductory Reading10min
Syllabus10min
FAQ and Errata10min
Glossary10min
1 exercício prático
Qualifying Quiz30min
LOW-LEVEL SECURITY
Low-level security: Attacks and exploits
6 vídeos (total de (Total 50 mín.) min), 2 leituras, 2 testes
6 videos
Memory Layout11min
Buffer Overflow6min
Code Injection6min
Other Memory Exploits11min
Format String Vulnerabilities6min
2 leituras
Week 1 Reading10min
Project 110min
2 exercícios práticos
Week 1 quiz30min
VM BOF quiz24min
Semana
2DEFENDING AGAINST LOW-LEVEL EXPLOITS
Defending against low-level exploits
7 vídeos (total de (Total 79 mín.) min), 1 leitura, 1 teste
7 videos
Memory Safety16min
Type Safety4min
Avoiding Exploitation9min
Return Oriented Programming - ROP11min
Control Flow Integrity14min
Secure Coding18min
1 leituras
Week 2 Reading10min
1 exercício prático
Week 2 quiz30min
Semana
3WEB SECURITY
Web security: Attacks and defenses
10 vídeos (total de (Total 101 mín.) min), 2 leituras, 2 testes
10 videos
Web Basics10min
SQL Injection10min
SQL Injection Countermeasures9min
Web-based State Using Hidden Fields and Cookies13min
Session Hijacking6min
Cross-site Request Forgery - CSRF6min
Web 2.05min
Cross-site Scripting13min
Interview with Kevin Haley21min
2 leituras
Week 3 Reading10min
Project 210min
2 exercícios práticos
BadStore quiz18min
Week 3 quiz32min
Semana
4SECURE SOFTWARE DEVELOPMENT
Designing and Building Secure Software
10 vídeos (total de (Total 130 mín.) min), 1 leitura, 1 teste
10 videos
Threat Modeling, or Architectural Risk Analysis9min
Security Requirements13min
Avoiding Flaws with Principles8min
Design Category: Favor Simplicity10min
Design Category: Trust With Reluctance12min
Design Category: Defense in Depth, Monitoring/Traceability5min
Top Design Flaws9min
Case Study: Very Secure FTP daemon12min
Interview with Gary McGraw40min
1 leituras
Week 4 Reading10min
1 exercício prático
Week 4 quiz32min
33%
comecei uma nova carreira após concluir estes cursos
27%
consegui um benefício significativo de carreira com este curso
17%
recebi um aumento ou promoção
Melhores avaliações
por PR•Nov 20th 2016
Content is really valuable and actionable with a specific comeback for the student in terms of secure development, security and how to understand the origin of exploits and other cyber attacks
por DT•May 9th 2016
The course of this kind was extremely needed, still in it's current state it contains lots of inaccuracies in lectures and quizes. I hope they will be fixed up to the future sessions.
Instrutores
Michael Hicks
ProfessorDepartment of Computer Science
Sobre Universidade de Maryland, College Park
The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign.
Sobre o Programa de cursos integrados Segurança cibernéticaSegurança Cibernética
The Cybersecurity Specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. These concepts are illustrated with examples drawn from modern practice, and augmented with hands-on exercises involving relevant tools and techniques. Successful participants will develop a way of thinking that is security-oriented, better understanding how to think about adversaries and how to build systems that defend against them.
Perguntas Frequentes – FAQ
Quando terei acesso às palestras e às tarefas?
Ao se inscrever para um Certificado, você terá acesso a todos os vídeos, testes e tarefas de programação (se aplicável). Tarefas avaliadas pelos colegas apenas podem ser enviadas e avaliadas após o início da sessão. Caso escolha explorar o curso sem adquiri-lo, talvez você não consiga acessar certas tarefas.
O que recebo ao me inscrever nesta Especialização?
Quando você se inscreve no curso, tem acesso a todos os cursos na Especialização e pode obter um certificado quando concluir o trabalho. Seu Certificado eletrônico será adicionado à sua página de Participações e você poderá imprimi-lo ou adicioná-lo ao seu perfil no LinkedIn. Se quiser apenas ler e assistir o conteúdo do curso, você poderá frequentá-lo como ouvinte sem custo.
Qual é a política de reembolso?
Existe algum auxílio financeiro disponível?
Mais dúvidas? Visite o Central de Ajuda ao Aprendiz.
O Coursera proporciona acesso universal à melhor educação do mundo fazendo parcerias com as melhores universidades e organizações para oferecer cursos on-line.
© 2019 Coursera Inc. Todos os direitos reservados.
