Secure Coding Practices Specialization

Instructors: Joubin Jabbari

12,274 already enrolled

Included with Coursera Plus

Learn more

4 course series

Get in-depth knowledge of a subject

4.5

(387 reviews)

Intermediate level

Some related experience required

2 months

at 10 hours a week

Flexible schedule

Learn at your own pace

4 course series

Get in-depth knowledge of a subject

4.5

(387 reviews)

Intermediate level

Some related experience required

2 months

at 10 hours a week

Flexible schedule

Learn at your own pace

What you'll learn

Practice improving the security and robustness of your programs.
Create threat models and apply basic cryptography.
Evaluate and remediate fragile C++ library code.
Exploit common types of injection problems and fix the root causes.

Skills you'll gain

Details to know

Shareable certificate

Add to your LinkedIn profile

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Advance your subject-matter expertise

Learn in-demand skills from university and industry experts
Master a subject or tool with hands-on projects
Develop a deep understanding of key concepts
Earn a career certificate from University of California, Davis

Specialization - 4 course series

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.Through four courses, you will cover the principles of secure coding, concepts of threat modeling and cryptography and exploit vulnerabilities in both C/C++ and Java languages, which will prepare you to think like a hacker and protect your organizations information. The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.

Applied Learning Project

The courses provide ample practice activities including exploiting WebGoat, an OWASP project designed to teach penetration testing.

This Specialization is intended for software developers of any level who are not yet fluent with secure coding and programming techniques.

Principles of Secure Coding

Course 115 hours

What you'll learn

This course introduces you to the principles of secure programming. It begins by discussing the philosophy and principles of secure programming, and then presenting robust programming and the relationship between it and secure programming. We'll go through a detailed example of writing robust code and we'll see many common programming problems and show their connection to writing robust, secure programs in general. We’ll examine eight design principles that govern secure coding and how to apply them to your own work. We’ll discuss how poor design choices drive implementation in coding. We’ll differentiate between informal, formal, and ad hoc coding methods. Throughout, methods for improving the security and robustness of your programs will be emphasized and you will have an opportunity to practice these concepts through various lab activities. A knowledge of the C programming language is helpful, but not required to participate in the lab exercises.

Skills you'll gain

Category: Secure Coding

Category: Programming Principles

Category: Debugging

Category: Application Security

Category: Program Development

Category: Computer Programming

Category: Software Design

Category: C (Programming Language)

Category: Software Development Methodologies

Identifying Security Vulnerabilities

Course 213 hours

What you'll learn

This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection.

We'll also cover application authentication and session management where authentication is a major component of a secure web application and session management is the other side of the same coin, since the authenticated state of user requests need to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customer's data. We'll cover how to effectively store password-related information, and not to store the actual plaintext passwords. We'll participate in coding assignment that will help you to better understand the mechanisms for effectively storing password-related information. Along the way, we’ll discuss ways of watching out for and mitigating these issues and be able have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat.

Skills you'll gain

Category: Encryption

Category: Application Security

Category: Web Applications

Category: Secure Coding

Category: Cryptography

Category: Data Security

Category: Open Web Application Security Project (OWASP)

Category: Authentications

Category: Vulnerability Assessments

Category: Security Controls

Category: Vulnerability Management

Category: Javascript

Category: Penetration Testing

Category: Threat Modeling

Identifying Security Vulnerabilities in C/C++Programming

Course 322 hours

What you'll learn

Apply “what to watch out for” and “where to look” to evaluate fragility of C++ library code.
Given a fragile C++ library, code a robust version.
Identify problems w/ privilege, trusted environments, input validation, files & sub-processes, resource mngmt, asynchronicity, & randomness in C/C++.
Remediate examples of problems that apply to C/C++ interactions with the programming environment.

Skills you'll gain

Category: Secure Coding

Category: Encryption

Category: OS Process Management

Category: Data Validation

Category: Cryptography

Category: Identity and Access Management

Category: Linux

Category: Vulnerability Assessments

Category: Debugging

Category: Security Engineering

Category: User Accounts

Category: C (Programming Language)

Category: Application Security

Category: File Management

Category: C and C++

Exploiting and Securing Vulnerabilities in Java Applications

Course 423 hours

What you'll learn

Practice protecting against various kinds of cross-site scripting (XSS) attacks.
Form plans to mitigate injection vulnerabilities in your web application.
Create strategies and controls to provide secure authentication.
Examine code to find and patch vulnerable components.

Skills you'll gain

Category: JSON

Category: Authentications

Category: Secure Coding

Category: Open Web Application Security Project (OWASP)

Category: Git (Version Control System)

Category: Application Security

Category: Docker (Software)

Category: Vulnerability Assessments

Category: Authorization (Computing)

Category: Dependency Analysis

Category: Java Programming

Category: Java

Category: Penetration Testing

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV. Share it on social media and in your performance review.

Instructors

Joubin Jabbari

University of California, Davis

1 Course8,345 learners

Offered by

University of California, Davis

Why people choose Coursera for their career

Felipe M.

Learner since 2018

"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."

Jennifer J.

Learner since 2020

"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."

Larry W.

Learner since 2021

"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."

Chaitanya A.

"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Open new doors with Coursera Plus

Unlimited access to 10,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Learn more

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Explore degrees

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Learn more

Frequently asked questions

It is intended to be able to complete in 4-5 months, but you may want to give yourself more time to work through the many activities outlined in the various courses.

Familiar with the Software Development Lifecycle.
Fluent in one or more coding languages (including web front-end development languages.)
For Java course, Fluent in Java.
For C/C++ course, Fluent in C/C++.

We recommend you begin with Principles of Secure Coding and then move to Identifying Security Vulnerabilities. The other two courses can be taken in either order.

Yes! To get started, click the course card that interests you and enroll. You can enroll and complete the course to earn a shareable certificate, or you can audit it to view the course materials for free. When you subscribe to a course that is part of a Specialization, you’re automatically subscribed to the full Specialization. Visit your learner dashboard to track your progress.