Identifying Security Vulnerabilities (Coursera)

This course will help you build a foundation of some of the fundamental concepts in secure programming. We will learn about the concepts of threat modeling and cryptography and you'll be able to start to create threat models, and think critically about the threat models created by other people. We'll learn the basics of applying cryptography, such as encryption and secure hashing. We'll learn how attackers can exploit application vulnerabilities through the improper handling of user-controlled data. We'll gain a fundamental understanding of injection problems in web applications, including the three most common types of injection problems: SQL injection, cross-site scripting, and command injection.

We'll also cover application authentication and session management: authentication is a major component of a secure web application, and session management is the other side of the same coin, since the authenticated state of user requests needs to be properly handled and run as one session. We'll learn about sensitive data exposure issues and how you can help protect your customers' data. We'll cover how to effectively store password-related information without storing the actual plaintext passwords. We'll participate in a coding assignment that will help you to better understand the mechanisms for effectively storing password-related information.
Along the way, we'll discuss ways of watching out for and mitigating these issues, and have some fun exploiting two different vulnerabilities in WebGoat, a web application that was designed to be vulnerable.
Course 2 of 4 in the Secure Coding Practices Specialization.

Syllabus

WEEK 1
Foundational Topics in Secure Programming
In this module, you will gain exposure to the ideas of threat modeling and applied cryptography. By the end of the module, you will be able to start to create threat models, and think critically about the threat models created by other people. You will be able to apply the STRIDE Method to your threat model and distinguish the trust boundaries in a given system. You will also gain a basic understanding of applied cryptography, such as encryption and secure hashing.

WEEK 2
Injection Problems
By the end of this module, you will have a fundamental understanding of injection problems in web applications. You'll be able to discuss and describe the three most common types of injection problems: SQL injection, cross-site scripting, and command injection. In order to drive home these concepts, you will be able to work on exploiting a SQL injection vulnerability in the WebGoat application. You'll be able to formulate plans to mitigate injection problems in your applications.

WEEK 3
Problems Arising From Broken Authentication
By the end of this module, you will be able to evaluate a system to determine if it follows the generally prescribed secure methods for authentication and session management in web applications. You'll be able to distinguish the relationship between authentication, session management, and access control. You will also be able to exploit WebGoat's authentication and session management vulnerability, which will help drive home the concepts that you will learn in this module. Finally, you will be able to evaluate a system to determine if it performs sufficient security logging such that non-repudiation is enforced.

WEEK 4
Sensitive Data Exposure Problems
By the end of this module, you will understand how to effectively store password-related information, and NOT to store the actual plaintext passwords. You will also have a hands-on coding assignment that will help you to better understand the mechanisms for effectively storing password-related information. Ready?


Related Courses

FinTech Security and Regulation (RegTech) (Coursera) Coursera
The Hong Kong University of Science and Technology - HKUST

This course, "FinTech Security and Regulation (RegTech)", helps you to understand RegTech and to become more confident and persuasive in your ability to analyze and make recommendations to executives within the finance industry regarding how to react to these changes, e.g. regulations on cryptocurrencies like Bitcoin and Initial Coin Offerings (ICOs). It presents the views of several professors from the top business school in Asia as well as perspectives from industry professionals.

Jun 29th 2026
5-12 Weeks
Security & Safety Challenges in a Globalized World (Coursera) Coursera
Leiden University

Security and safety challenges rank among the most pressing issues of modern times. Challenges such as cyber-crime, terrorism, and environmental disasters impact the lives of millions across the globe. These issues also rank high on the agenda of politicians, international organizations and businesses. They also feature prominently in the public conscience and in governmental policies.

Jun 29th 2026
5-12 Weeks
Privacy Law and HIPAA (Coursera) Coursera
University of Pennsylvania

What does it take to comply with privacy laws? In this course, we’ll look at the practical aspects of navigating the complex landscape of privacy requirements. Better understanding privacy laws and data protection will enable you to protect your organization and the constituents that depend on your organization to safeguard their personal information.

Jun 29th 2026
4 Weeks
Palo Alto Networks Cybersecurity Foundation (Coursera) Coursera
Palo Alto Networks

In this course, students will learn fundamental principles associated with the current cybersecurity landscape and identify concepts required to recognize and potentially mitigate attacks against enterprise networks as well as mission-critical infrastructure. Students will also learn how to initially set up and configure security zones, authentication, and policies on a next-generation firewall.

Jun 30th 2026
5-12 Weeks
The GRC Approach to Managing Cybersecurity (Coursera) Coursera
University System of Georgia

Managing cybersecurity is about managing risk, specifically the risk to information assets valued by an organization. This course examines the role of Governance, Risk Management, and Compliance (GRC) as part of the cybersecurity management process, including key functions of planning, policies, and the administration of technologies to support the protection of critical information assets.

Jun 29th 2026
5-12 Weeks
Homeland Security & Cybersecurity Connection - It's Not About the Terrorists (Coursera) Coursera
University of Colorado System

Welcome to Course 1 in CS4950, Homeland Security and Cybersecurity. In this course we examine the origins of homeland security and its connection with cybersecurity. Homeland security is about safeguarding the United States from domestic catastrophic destruction. Catastrophic destruction comes in two forms: natural and man-made. For most of history the man-made variety came in the form of warfare and required the combined resources of a nation state. All that changed March 20th, 1995. On that date, members of a quasi-religious cult in Japan attacked the Tokyo subway system using Sarin gas. It was the first deployment of a weapon of mass destruction by a non-state actor.

Jun 29th 2026
4 Weeks
Introduction to Blockchain for Financial Services (Coursera) Coursera
INSEAD

In this first course of the specialization, we will discuss the limitations of the Internet for business and economic activity, and explain how blockchain technology represents the way forward. After completing this course, you will be able to explain what blockchain is, how it works, and why it is revolutionary. You will learn key concepts such as mining, hashing, proof-of-work, public key cryptography, and the double-spend problem.

Jun 29th 2026
5-12 Weeks
Homeland Security and Cybersecurity Future (Coursera) Coursera
University of Colorado System

This course takes a look at the future of cybersecurity with respect to what is being done to lessen the potential for catastrophic destruction resulting from cyber attack on critical infrastructure. In this respect, we take a short survey of potential technological solutions and response options. We conclude this module by taking a look at unique aspects of the cyber profession and personal considerations for those who want to make cybersecurity a career.

Jun 29th 2026
4 Weeks
IT Security: Defense against the digital dark arts (Coursera) Coursera
Google

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team.

Jun 29th 2026
5-12 Weeks
Cyber Security in Manufacturing (Coursera) Coursera
University at Buffalo, The State University of New York

The nature of digital manufacturing and design (DM&D), and its heavy reliance on creating a digital thread of product and process data and information, makes it a prime target for hackers and counterfeiters. This course will introduce students to why creating a strong and secure infrastructure should be of paramount concern for anyone operating in the DM&D domain, and measures that can be employed to protect operational technologies, systems and resources.

Jun 29th 2026
4 Weeks
Securing Digital Democracy (Coursera) Coursera
University of Michigan

In this course, you'll learn what every citizen should know about the security risks (and future potential) of electronic voting and Internet voting. We'll take a look at the past, present, and future of election technologies and explore the various spaces intersected by voting, including computer security, human factors, public policy, and more.

Jun 29th 2026
5-12 Weeks