This course is part of the Fundamentals of Computer Network Security Specialization

3.9
stars
227 ratings

Edward Chow

51,199 already enrolled

Offered By

Fundamentals of Computer Network Security SpecializationUniversity of Colorado System

About this Course

22,277 recent views

In this MOOC, you will learn how to hack web apps with command injection vulnerabilities in a web site of your AWS Linux instance.   You will learn how to search valuable information on a typical Linux systems with LAMP services, and deposit and hide Trojans for future exploitation.  You will learn how to patch these web apps with input validation using regular expression. You will learn a security design pattern to avoid introducing injection vulnerabilities by input validation and replacing generic system calls with specific function calls.  You will learn how to hack web apps with SQL injection vulnerabilities and retrieve user profile information and passwords.  You will learn how to patch them with input validation and SQL parameter binding.  You will learn the hacking methodology, Nessus tool for scanning vulnerabilities, Kali Linux for penetration testing, and Metasploit Framework for gaining access to vulnerable Windows Systems, deploying keylogger, and perform Remote VNC server injection.  You will learn security in memory systems and virtual memory layout, and understand buffer overflow attacks and their defenses.  You will learn how to clone a Kali instance with AWS P2 GPU support and perform hashcat password cracking using dictionary attacks and known pattern mask attacks.

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 3 of 4 in the

Fundamentals of Computer Network Security Specialization

Intermediate Level

Approx. 15 hours to complete

English

Subtitles: Arabic, French, Portuguese (European), Italian, Vietnamese, German, Russian, English, Spanish

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Course 3 of 4 in the

Fundamentals of Computer Network Security Specialization

Intermediate Level

Approx. 15 hours to complete

English

Subtitles: Arabic, French, Portuguese (European), Italian, Vietnamese, German, Russian, English, Spanish

Instructor

Instructor rating

4.42/5 (23 Ratings)

Edward Chow

Offered by

University of Colorado System

The University of Colorado is a recognized leader in higher education on the national and global stage. We collaborate to meet the diverse needs of our students and communities. We promote innovation, encourage discovery and support the extension of knowledge in ways unique to the state of Colorado and beyond.

Syllabus - What you will learn from this course

Content Rating84%(1,223 ratings)

Week

Week 1

3 hours to complete

Injection Web App Attacks and Their Defenses

In this module we will learn how to hack web app with command injection vulnerability with only four characters malicious string. We will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query. We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn how to apply security design pattern to defend injection attacks and enhance web security.

3 hours to complete

4 videos (Total 34 min), 2 readings, 2 quizzes

Week

Week 2

5 hours to complete

Hack SQL Databases and Patch Web Apps with SQL Injection Vulnerabilities

In this module we will learn how to hack web app with database backend with SQL injection vulnerability and potentially show the list of passwords by injecting string to overwrite SQL query.We will learn how to perform code review to spot the key statements/their patterns that expose the programs for such injection attacks and learn how to patch them. We will learn the eight-step hacker methodology for exploit systems. For the escalating privilege techniques, we show how to leverage command injection vulnerability to search file systems and deposit/hide Trojans for future exploit.

5 hours to complete

6 videos (Total 54 min), 5 readings, 2 quizzes

6 videos

SQL Injection Attacks10m

Patching Web App with SQL Injection Vulnerability5m

Hacking Methodology9m

Demystify New OS/PL Will Not Have Injection Vulnerabilities8m

Escalate Privileges via Deploying Trojan10m

Escalate Privileges by Bringing in Sophisticated Trojan8m

5 readings

SQL Injection30m

SQL Injection Prevention Cheat Sheet30m

Red Teaming: The Art of Ethical Hacking30m

Understanding Privilege Escalation30m

National Vulnerability Database Entry30m

1 practice exercise

Exam 3.2. Assessing SQL Injection and Hacking Methodology30m

Week

Week 3

2 hours to complete

Memory Attacks and Defenses

In this module, we learn about the typical protection mechanism provided by the modern OS to prevent process from accessing other pages data belong different process. We will also learn buffer overflow attacks and their common defenses.

2 hours to complete

4 videos (Total 51 min), 2 readings, 1 quiz

Week

Week 4

5 hours to complete

Penetration Testing

In this module we will learn how to perform Vulnerability Scanning with Nessus tool, learn to perform penetration testing using tools included in Kali Linux distribution and to use Metasploit Framework to take control a vulnerable machine, deploy keylogger, run remote shell and remote VNC injection. We will also learn how to clone an AWS P2.xlarge GPU instance from a Ubuntu image with hashcat software to crack passwords.

5 hours to complete

6 videos (Total 37 min), 3 readings, 2 quizzes

Reviews

3.9

61 reviews

5 stars
59.57%
4 stars
13.19%
3 stars
5.95%
2 stars
4.25%
1 star
17.02%

TOP REVIEWS FROM HACKING AND PATCHING

by NHSep 13, 2019

This Course is very interested. I hope I will learn it for use purpose also.

by TLApr 24, 2019

The Asian teacher's pronunciation is little be hard to understand but I love this class still

by GMSep 13, 2021

pursuing cousera course it hepled me a lot and very much coursera team

by NNJan 16, 2020

Understanding the language slank was a little difficult at first, but finally got used to it!

View all reviews

About the Fundamentals of Computer Network Security Specialization

This specialization in intended for IT professionals, computer programmers, managers, IT security professionals who like to move up ladder, who are seeking to develop network system security skills. Through four courses, we will cover the Design and Analyze Secure Networked Systems, Develop Secure Programs with Basic Cryptography and Crypto API, Hacking and Patching Web Applications, Perform Penetration Testing, and Secure Networked Systems with Firewall and IDS, which will prepare you to perform tasks as Cyber Security Engineer, IT Security Analyst, and Cyber Security Analyst.

The learning outcomes of this specialization include: you should be able to create public/private keys, certificate requests, install/sign/verify them for web server and client authentication, secure emails, and code signing. you should be able to write secure web apps with Crypto API to implement the confidentiality, integrity, and availability basic security services. you should be able to hack web applications with vulnerabilities and patch them. you should be able to apply penetration testing tool to exploit vulnerable systems. you should be able to crack passwords given the hashes in password file using AWS P2 GPU. you should be able to configure firewall and IDS for secure network systems you should be able to specify effective security policies and implement efficient enforcement procedures by applying security design principles for securing network systems.

Fundamentals of Computer Network Security

Frequently Asked Questions

When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
What will I get if I subscribe to this Specialization?
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Is financial aid available?
Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

More questions? Visit the Learner Help Center.

Hacking and Patching

About this Course