Software Security

Start Date: 07/05/2020

Course Type: Common Course

Course Link: https://www.coursera.org/learn/software-security


About Course

In this course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems. Successful learners in this course typically have completed sophomore/junior-level undergraduate work in a technical field, have some familiarity with programming, ideally in C/C++ and one other "managed" programming language (like ML or Java), and have prior exposure to algorithms. Students not familiar with these languages but with others can improve their skills through online web tutorials.


Course Introduction

Software Security

In this course, you will learn about software security in the context of modern computing systems, and how to protect your software against software attacks. We will start by looking at common software application security threats, such as file and program code injection, common attacks that are executed in the background, and how these attacks are usually mitigated. We then examine the different application model types, including server-side applications, application programming models, and cloud-based applications. We then introduce various techniques used to perform common application analysis, and discuss how these techniques can help mitigate common attack methods.

At the end of this course, you will be able to:
- Describe the attack surface of common software systems.
- Define what an application is and attack surface analysis.
- Design and implement mitigation strategies.
- Summarize common application models.
- Practice and implement practice mitigation strategies.
- Apply security controls to protect software systems.
- Emphasize the importance of application modeling and security protocols.
- Develop an understanding of typical application models and their mitigation strategies.
- Practice to mitigate common attack methods.
- Apply application modeling and security protocols to protect against common attack methods.

When you complete this course, you will have a basic understanding of what software security is, what an application model is, what are the most common application models, and how to protect against common attack methods. You will also have a

Course Tag

Fuzz Testing, Buffer Overflow, SQL Injection, Penetration Test

Related Wiki Topic

Article | Example
Software Development Security | There are a number of basic guiding principles to software security. Stakeholders’ knowledge of these and how they may be implemented in software is vital to software security. These include:
Software security assurance | There are two basic types of Software Security Assurance activities.
Software security assurance | At a minimum, a software security assurance program should ensure that:
Software security assurance | Software security testing, which includes penetration testing, confirms the results of design and code analysis, investigates software behaviour, and verifies that the software complies with security requirements. Special security testing, conducted in accordance with a security test plan and procedures, establishes the compliance of the software with the security requirements. Security testing focuses on locating software weaknesses and identifying extreme or unexpected situations that could cause the software to fail in ways that would cause a violation of security requirements. Security testing efforts are often limited to the software requirements that are classified as "critical" security items.
Software security assurance | Improving the software development process and building better software are ways to improve software security, by producing software with fewer defects and vulnerabilities. A first-order approach is to identify the critical software components that control security-related functions and pay special attention to them throughout the development and testing process. This approach helps to focus scarce security resources on the most critical areas.
Open-source software security | Open-source software security is the measure of assurance or guarantee in the freedom from danger and risk inherent to an open-source software system.
Software security assurance | Security architecture/design analysis verifies that the software design correctly implements security requirements. Generally speaking, there are four basic techniques that are used for security architecture/design analysis.
Software security assurance | Software security assurance is a process that helps design and implement software that protects the data and resources contained in and controlled by that software. Software is itself a resource and thus must be afforded appropriate security.
Software security assurance | All security vulnerabilities in software are the result of security bugs, or defects, within the software. In most cases, these defects are created by two primary causes: (1) non-conformance, or a failure to satisfy requirements; and (2) an error or omission in the software requirements.
Software security assurance | Since the number of threats specifically targeting software is increasing, the security of our software that we produce or procure must be assured. "Dependence on information technology makes software assurance a key element of business
Software security assurance | One way to improve software security is to gain a better understanding of the most common weaknesses that can affect software security. With that in mind, there is a current community-based program called the Common Weaknesses Enumeration project, which is sponsored by The Mitre Corporation to identify and describe such weaknesses. The list, which is currently in a very preliminary form, contains descriptions of common software weaknesses, faults, and flaws.
Software security assurance | There are many commercial off-the-shelf (COTS) software packages that are available to support software security assurance activities. However, before they are used, these tools must be carefully evaluated and their effectiveness must be assured.
Software security assurance | Software Security Assurance (SSA) is the process of ensuring that software is designed to operate at a level of security that is consistent with the potential harm that could result from the loss, inaccuracy, alteration, unavailability, or misuse of the data and resources that it uses, controls, and protects.
Software security assurance | A non-conformance may be simple–the most common is a coding error or defect–or more complex (i.e., a subtle timing error or input validation error). The important point about non-conformance is that verification and validation techniques are designed to detect them and security assurance techniques are designed to prevent them. Improvements in these methods, through a software security assurance program, can improve the security of software.
Open-source software security | There are a variety of models and metrics to measure the security of a system. These are a few methods that can be used to measure the security of software systems.
ThreatTrack Security | Sunbelt Software was acquired by GFI Software Inc. in 2010, becoming the GFI Software Security Business Unit. GFI Software announced plans to spin off its Security Business Unit in March 2013, when ThreatTrack began operations as an independent company.
Software security assurance | The software security assurance process begins by identifying and categorizing the information that is to be contained in, or used by, the software. The information should be categorized according to its sensitivity. For example, in the lowest category, the impact of a security violation is minimal (i.e. the impact on the software owner's mission, functions, or reputation is negligible). For a top category, however, the impact may pose a threat to human life; may have an irreparable impact on software owner's missions, functions, image, or reputation; or may result in the loss of significant assets or resources.
Open-source software security | Source code is often checked, or audited, by developers to ensure that it has no security flaws. Supporters of open source software submit that the public availability of the source code allows more developers to inspect it, and therefore increases the likelihood of security bugs being located and fixed. Detractors submit that the source code's accessibility allows malicious users to find vulnerabilities more easily. Further benefits and drawbacks of open source software are shown below.
Tom Parker (information security) | In 2000 he founded a security consulting company, Global InterSec, to do software security research, and increase awareness of software security vulnerabilities throughout the public and private sectors. He is now a consulting practice director at a Washington DC-based security consulting firm, Securicon LLC, whose customers include large power generation and petrochemical organizations, as well as the federal government.
Fortify Software | Fortify offerings included Static Application Security Testing and Dynamic Application Security Testing products, as well as products and services to support Software Security Assurance, or repeatable and auditable secure behaviors, over the course of a software application's life cycle.