Learn something new everyday

Secure Coding Practices Specialization by UC Davis

Coursera Specialization is a series of courses that helps you master a skill. To begin, you can enroll in the Specialization directly, or review its courses and choose the one you’d like to start with. When you subscribe to a course that is part of a Specialization, you’re automatically subscribed to the full Specialization. You can either complete just one course or you can pause your learning or end your subscription at any time.

We have already looked at TOP 100 Coursera Specializations and today we will check out specialization intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information.

The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.

#1.Principles of Secure Coding

This course introduces you to the principles of secure programming. It begins by discussing the philosophy and principles of secure programming, and then presenting robust programming and the relationship between it and secure programming. We’ll go through a detailed example of writing robust code and we’ll see many common programming problems and show their connection to writing robust, secure programs in general. We’ll examine eight design principles that govern secure coding and how to apply them to your own work. We’ll discuss how poor design choices drive implementation in coding.

We’ll differentiate between informal, formal, and ad hoc coding methods. Throughout, methods for improving the security and robustness of your programs will be emphasized and you will have an opportunity to practice these concepts through various lab activities. A knowledge of the C programming language is helpful, but not required to participate in the lab exercises.

#2.Identifying Security Vulnerabilities

This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you’ll be able to start to create threat models and think critically about the threat models created by other people. We’ll learn the basics of applying cryptography, such as encryption and secure hashing. We’ll learn how attackers can exploit application vulnerabilities through the improper handling of user-controlled data. We’ll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection.

We’ll also cover application authentication and session management where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests need to be properly handled and run as one session. We’ll learn about sensitive data exposure issues and how you can help protect your customer’s data. We’ll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We’ll participate in coding assignment that will help you to better understand the mechanisms for effectively storing password-related information.

Along the way, we’ll discuss ways of watching out for and mitigating these issues and be able to have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.

#3.Identifying Security Vulnerabilities in C/C++Programming

This course builds upon the skills and coding practices learned in both Principles of Secure Coding and Identifying Security Vulnerabilities, courses one and two, in this specialization. This course uses the focusing technique that asks you to think about: “what to watch out for” and “where to look” to evaluate and ultimately remediate fragile C++ library code.

The techniques you’ll be examining will make your programs perform accurately and be resistant to attempts to perform inaccurately. This is really what the term secure programming means. You will be shown common errors that people make, and then learn how to program more robustly. You will apply tips and best practices to help you improve your programming style and help you to avoid common problems like buffer overflows, which may or may not cause security problems.

#4.Exploiting and Securing Vulnerabilities in Java Applications

In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross-Site Scripting issues to compromise a users browser, break authentication to gain access to data and functionality reserved for the ‘Admins’, and even exploit vulnerable components to run our code on a remote server and access some secrets. We will also wear Defender Hats. We will dive deep into the code to fix the root cause of these issues and discuss various mitigation strategies.

We do this by exploiting WebGoat, an OWASP project designed to teach penetration testing. WebGoat is a deliberately vulnerable application with many flaws and we take aim at fixing some of these issues. Finally we fix these issues in WebGoat and build our patched binaries. Together we will discuss online resources to help us along and find meaningful ways to give back to the larger Application Security community.

Useful Resources :

Like this post? Don’t forget to share it!

Summary
Article Name
Secure Coding Practices Specialization by UC Davis
Description
Learn secure coding and programming techniques via Secure Coding Practices Specialization by UC Davis
Author
Publisher Name
Upnxtblog
Publisher Logo
Karthik

Allo! My name is Karthik,experienced IT professional.Upnxtblog covers key technology trends that impacts technology industry.This includes Cloud computing,Blockchain,Machine learning & AI,Best mobile apps, Best tools/open source libs etc.,I hope you would love it and you can be sure that each post is fantastic and will be worth your time.

Share
Published by
Karthik

Recent Posts

Developing a Strong Disaster Recovery Plan for Your Business

Operating a business often entails balancing tight schedules, evolving market dynamics, and shifting consumer requirements.…

11 hours ago

How to Secure Your WordPress Hosting by Upgrading Your Login URL

Of course, every site has different needs. In the end, however, there is one aspect…

2 days ago

Social Media Marketing: A Key to Business Success with Easy Digital Life

In today's digital-first world, businesses must adopt effective strategies to stay competitive. Social media marketing…

4 days ago

Best 7 AI Tools Every UI/UX Designer Should Know About

62% of UX designers now use AI to enhance their workflows. Artificial intelligence (AI) rapidly…

6 days ago

How AI Enhances Photoshop Workflow: A Beginner’s Guide

The integration of artificial intelligence into graphic design through tools like Adobe Photoshop can save…

3 weeks ago

The Rise Of Crypto Trading Bots: A New Era In Digital Trading

The cryptocurrency trading world has grown significantly in recent years, with automation playing a key…

4 weeks ago

This website uses cookies.