Coursera

Securing Software, Data and End Points (Coursera)

Offered by (ISC)²,
Securing Software, Data and End Points (Coursera)

Welcome to Course Four. As we know, most attacks against systems involve exploiting vulnerabilities in software that powers hardware. Additionally, attackers may exploit vulnerabilities in the underlying hardware, especially when that hardware is for the protected against being stolen or accessed with unauthorized use, but their real target and all the tax is data. Therefore, it's so critical, the total set of software powering an organization's business logic and processes must be kept secure.

Class Deals by MOOC List - Click here and see Coursera's Active Discounts, Deals, and Promo Codes.

As we'll see in this chapter, the software provides a layered environment. Building from a core or kernel of trustworthy functions up through to the mobile code and executable content. This enables and empowers all web apps and remote data access. Security professionals need to appreciate securing software covers two very different, but closely related major tasks. They need to ensure that the Security Posture of that software is known and understood, as well as ensure the software is installed, maintained, and used in ways consistent with Security Posture or improve it over time. As we discussed in the previous chapter, Security Posture is the set of risks, vulnerabilities controls, and residual risks pertaining to an asset or system. We summarize the safety or risk of using an asset and the degree of reliance that can be placed on the results from a specific context or situation. In this course, we'll build on that foundation by looking more closely at how the data can be the target of an attack and part of exploiting other vulnerabilities in the system. We'll explore what security professionals, as non-programmers, can do to reduce the risk of such malformed input attacks. In course two, we also discussed the non-human user concept as a general way to view management and security of devices and software entities to protect those entities from threats to their integrity and to protect the overall system and individual assets from unauthorized behavior by those non-human users. In this chapter, we'll build on those concepts, as we dive into Endpoint Security Issues and Approaches.
Course 4 Learning Objectives
After completing this course, the participant will be able to: 
L4.1 - Discuss software systems and application security.
L4.2 - Recognize data security concepts and skills. 
L4.3 - Identify malicious code and countermeasures.  
L4.4 - Evaluate mobile device management (MDM) and security issues with mobile and autonomous endpoints.
L4.5 - Review attacks and countermeasures for virtual machines.
Course Agenda
Module 1: Securing Software (Domain 1 - Security Operations and Administration, Domain 3 - Risk Identification, Monitoring and Analysis , Domain 7 - Systems and Application Security )
Module 2: Securing Data (Domain 1 - Security Operations and Administration, Domain 7 - Systems and Application Security )
Module 3: Identify and Analyze Malicious Code and Activity (Domain 7 - Systems and Application Security)
Module 4: Implement and Operate Endpoint Security (Domain 7 - Systems and Application Security )
Module 5: Operate and Secure Virtual Environments (Domain 7 - Systems and Application Security , Domain 6 - Network and Communications Security)   
Who Should Take This Course: Beginners
Experience Required: No prior experience required
Course 4 of 8 in the (ISC)² Systems Security Certified Practitioner (SSCP).

Syllabus

WEEK 1
Module 1: Securing Software
Software presents the largest attack surface of nearly every organization’s information systems, and its creation is often poorly managed. The vast majority of software vulnerabilities are accidental but repeat offenses. Repeats and reprises of classic design and programming errors, being made over and over again by each new generation of programmers.  And when they’re not exploiting those kinds of software vulnerabilities, attackers take advantage of poorly maintained, often under-protected software, and thus exploit other operational and procedural vulnerabilities as they travel along their attack vector to their desired targets. 
We are not going to do a deep dive into the common weaknesses of software, nor how they get put in by designers and programmers. You won’t need to learn programming or how to read code to help your organization dramatically improve the security of its software or the supply chains that bring that software to the organization’s end users.
Module 2: Securing Data
Whether you are using the CIA triad, CIANA+PS or any other set of security characteristics as your analysis framework, you’ll find that they all meet their stress test case when considering databases and data warehouses. This is the “data at rest” part of the three-state model of data; applications and endpoints make up the environment in which we consider data in use, and networks and communications systems are where data is in motion, of course. 
Business and organizational data, personal data such as personally identifiable information (PII) or protected health information (PHI), and metadata about all of that data are collected, collated, linked together and stored in databases and data warehouses, whether on-premises, in the cloud or in hybrid architectures.  It’s the information in those architectures that requires the right set of protections and controls, if the organization is to meet or exceed its information security, data protection and systems safety needs.  Many different forms of attacks on data happen every day. Ransom attacks encrypt the target’s data while demanding payment to provide the decryption key and tool; this is extortion, a crime everywhere.  Other attacks attempt to corrupt existing data or put false data into the system as an act of sabotage or fraud.   Copying of data without disturbing it is theft, and such data breaches, or data exfiltration attacks, can target data that is in simple files, such as poorly protected lists of usernames and related credentials, systems log files or applications data in documents, spreadsheets and other files. Attacks that net millions of stolen copies of customer records, however, have more than likely been targeted against databases and data warehouses. These attack vectors can be categorized in many ways, and the next section will look at the most common.

WEEK 2
Module 3: Identify and Analyze Malicious Code and Activity
The term “malicious code” refers to the many types of malware in use today. In many cases, people use the term “virus” incorrectly to include all types of malware. In fact, a virus is only one form of malware. 
Malware is the joining of the two terms “malicious” and “software.” It is often used to discuss the various forms of malicious software code that have been written to cause damage or perform unauthorized activity on a system. Malware is not used to describe a software bug or logic flaw in a system because those are not written to intentionally perform unauthorized actions. There are many forms of malware in use today, and over the years it has evolved as malware authors have had to discover new ways to compromise a system and to achieve its goals.  It’s important to differentiate between malware and potentially unwanted programs (PUPs). Many adware and spyware programs are viewed as having legitimate business and organizational uses; in fact, the trade groups that represent advertisers, workplace employee performance monitoring and vendors of these programs argue that when used legitimately, the organization clearly wants them installed and in use, even if some of their employees are hesitant.  This is why many threat intelligence services, anti-malware and security systems vendors and others refer to programs with no demonstrably hostile or malicious intent as separate from programs that are clearly hostile by design and use.  Some malware (also called malcode) is overt and obvious, doing extensive damage to systems and data within a short time of its introduction, while other malware is hidden and can lie dormant on a system for months or years undetected, just waiting to respond to a call from the implementer of the malware.  Early versions of malware were either a virus or a worm and often spread by passing floppy disks from person to person (like the Brain computer virus) or exploiting a network connection (e.g., Morris worm). The infected floppy disk would contain a (boot sector) virus that overwrote the boot sector on the hard disk. When the disk was inserted into a system, the system would read the boot sector to determine what data was on the disk and load the virus sitting in the boot sector. With this means of transmission, it took years for such a virus to spread around the world. Other virus types included the macro virus that would exploit the macro language used in some office productivity products, or the various forms of malware that would spread as email attachments or through links in an email.
Module 4: Implement and Operate Endpoint Security
Systems’ security depends on the correct configuration and interaction of many different components. Security must be deployed in a consistent manner across the entire system. This requires careful management of equipment, personnel and communications interfaces. This module will examine how to design, build and manage secure systems and ensure that no gaps are left in the design or operations of a system. 

WEEK 3
Module 5: Operate and Secure Virtual Environments
Module 6: Chapter 4 Review
This chapter has taken you on a wide-ranging journey across the threat surface of your organization’s software, its data, its endpoints and its virtual environments. Along the way you’ve seen some of the challenges that face you as you try to harden systems, procedures and the organization’s people as well as to resist the attacks of malware, social engineering, phishing and malformed data.  
Cybercrime has become incredibly lucrative; it has also become a very big business ecosystem, in which many layers of toolkit developers, open source intelligence gatherers, exfiltrated data resellers and specialist attack teams support the efforts of advanced persistent threat (APT) teams in their attacks on businesses, schools, universities, hospitals and government services around the world.   Your organization’s information security team cannot outspend the cybercriminals; and while it’s true that you cannot outthink all of them all the time, you really don’t have to. You only have to outthink the ones you have to detect, right now, today, as they try to intrude into your systems or otherwise disrupt your IT and OT infrastructures and the business processes that depend upon them.  The bottom line is keeping the data safe, secure, reliable; and that means keeping the software safe and reliable to use, whether it’s running on servers or endpoints, on real iron or in virtualized environments on top of hypervisors. One day at a time.

Go to Class
MOOC List is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Related Courses

Exploiting and Securing Vulnerabilities in Java Applications (Coursera) Coursera
University of California, Davis

Exploiting and Securing Vulnerabilities in Java Applications (Coursera)

Security & Networking

In this course, we will wear many hats. With our Attacker Hats on, we will exploit Injection issues that allow us to steal data, exploit Cross Site Scripting issues to compromise a users browser, break authentication to gain access to data and functionality reserved for the ‘Admins’, and even exploit vulnerable components to run our code on a remote server and access some secrets.

Jun 22nd 2026
4 Weeks
Programming Java Security
Details
Mathematical Foundations for Cryptography (Coursera) Coursera
University of Colorado System

Mathematical Foundations for Cryptography (Coursera)

Security & Networking

Welcome to Course 2 of Introduction to Applied Cryptography. In this course, you will be introduced to basic mathematical principles and functions that form the foundation for cryptographic and cryptanalysis methods. These principles and functions will be helpful in understanding symmetric and asymmetric cryptographic methods examined in Course 3 and Course 4. These topics should prove especially useful to you if you are new to cybersecurity. It is recommended that you have a basic knowledge of computer science and basic math skills such as algebra and probability.

Jun 22nd 2026
4 Weeks
Math Cryptography Security
Details
Proactive Computer Security (Coursera) Coursera
University of Colorado System

Proactive Computer Security (Coursera)

Security & Networking

I’ve heard this before – “I’m not sure my computer security practices are working”. I reply “Have you tested them?” This course is the fourth and final course in the Practical Computer Security specialization. In this course, you’ll learn how to proactively test what you have put in place to protect your data. In the first week you’ll be able to discuss the basics of deterrents and how to “trick” attackers into believing they’ve hit a goldmine of data away from your real systems. In week 2, you’ll be able to understand and discuss the steps of penetration testing methodology.

Jun 22nd 2026
5-12 Weeks
Security Sharing Computer Security
Details
Enterprise and Infrastructure Security (Coursera) Coursera
New York University

Enterprise and Infrastructure Security (Coursera)

Security & Networking

This course introduces a series of advanced and current topics in cyber security, many of which are especially relevant in modern enterprise and infrastructure settings. The basics of enterprise compliance frameworks are provided with introduction to NIST and PCI. Hybrid cloud architectures are shown to provide an opportunity to fix many of the security weaknesses in modern perimeter local area networks.

Jun 22nd 2026
4 Weeks
Security Enterprise Cybersecurity
Details
Hardware Security (Coursera) Coursera
University of Maryland, College Park

Hardware Security (Coursera)

Security & Networking

In this course, we will study security and trust from the hardware perspective. Upon completing the course, students will understand the vulnerabilities in current digital system design flow and the physical attacks to these systems. They will learn that security starts from hardware design and be familiar with the tools and skills to build secure and trusted hardware.

Jun 22nd 2026
5-12 Weeks
Security Hardware Computer Science
Details
Industrial IoT Markets and Security (Coursera) Coursera
University of Colorado Boulder

Industrial IoT Markets and Security (Coursera)

CS: Design & Product

This course can also be taken for academic credit as ECEA 5385, part of CU Boulder’s Master of Science in Electrical Engineering degree. Developing tomorrow's industrial infrastructure is a significant challenge. This course goes beyond the hype of consumer IoT to emphasize a much greater space for potential embedded system applications and growth: The Industrial Internet of Things (IIoT), also known as Industry 4.0. Cisco’s CEO stated: “IoT overall is a $19 Trillion market. IIoT is a significant subset including digital oilfield, advanced manufacturing, power grid automation, and smart cities”.

Jun 22nd 2026
5-12 Weeks
Security Networking IoT
Details
TCP/IP and Advanced Topics (Coursera) Coursera
University of Colorado System

TCP/IP and Advanced Topics (Coursera)

Security & Networking

In this course, we give an in-depth study of the TCP/IP protocols. We examine the details of how IP enables communications across a collection of networks. We pay particular attention to the hierarchical structure of IP addresses and explain their role in ensuring scalability of the Internet. The role of address prefixes and the uses of masks are explained in details. We review in details about TCP three-way handshake, flow control, and congestion control. Furthermore, we provide an introduction to some advanced topics, including Multicast, SDN and security

Jun 22nd 2026
5-12 Weeks
Security Networks TCP/IP
Details
Classical Cryptosystems and Core Concepts (Coursera) Coursera
University of Colorado System

Classical Cryptosystems and Core Concepts (Coursera)

Security & Networking

Welcome to Introduction to Applied Cryptography. Cryptography is an essential component of cybersecurity. The need to protect sensitive information and ensure the integrity of industrial control processes has placed a premium on cybersecurity skills in today’s information technology market. Demand for cybersecurity jobs is expected to rise 6 million globally by 2019, with a projected shortfall of 1.5 million, according to Symantec, the world’s largest security software vendor. According to Forbes, the cybersecurity market is expected to grow from $75 billion in 2015 to $170 billion by 2020.

Jun 22nd 2026
3 Weeks
Cryptography Security Networks
Details
IT Security: Defense against the digital dark arts (Coursera) Coursera
Google

IT Security: Defense against the digital dark arts (Coursera)

Security & Networking

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team.

Jun 22nd 2026
5-12 Weeks
Security Networks Information Technology
Details
Networking and Security in iOS Applications (Coursera) Coursera
University of California, Irvine

Networking and Security in iOS Applications (Coursera)

Security & Networking

You will learn to extend your knowledge of making iOS apps so that they can securely interact with web services and receive push notifications. You'll learn how to store data securely on a device using Core Data. You’ll also learn to securely deploy apps to the App Store and beta users over-the-air. The format of the course is through a series of code tutorials. We will walk you through the creation of several apps that you can keep as a personal app toolbox. When you make your own apps after this course, you can bring in these capabilities as needed. When necessary we pop out of the code tutorials to talk about concepts at a higher level so that what you are programming makes sense.

Jun 22nd 2026
4 Weeks
Security JSON Networks
Details
Protecting Cloud Architecture with Alibaba Cloud (Coursera) Coursera
Alibaba Cloud Academy

Protecting Cloud Architecture with Alibaba Cloud (Coursera)

CS: Software Engineering Computer Science

The Security Exam Preparation Course is a series of online courses covering topics including Linux and Windows OS basics and operations, network fundamentals, host security, application security, network security, and data security. It is designed to help you understand how these products work, how they should be used, and help you gain the required knowledge to prepare for the ACA/ACP level cloud security specialist.

Jun 22nd 2026
5-12 Weeks
Security Linux Data Security
Details