Chevron Left
Back to Hacking and Patching

Hacking and Patching, University of Colorado System

30 ratings
9 reviews

About this Course

In this MOOC, you will learn how to hack web apps with command injection vulnerabilities in a web site of your AWS Linux instance. You will learn how to search valuable information on a typical Linux systems with LAMP services, and deposit and hide Trojans for future exploitation. You will learn how to patch these web apps with input validation using regular expression. You will learn a security design pattern to avoid introducing injection vulnerabilities by input validation and replacing generic system calls with specific function calls. You will learn how to hack web apps with SQL injection vulnerabilities and retrieve user profile information and passwords. You will learn how to patch them with input validation and SQL parameter binding. You will learn the hacking methodology, Nessus tool for scanning vulnerabilities, Kali Linux for penetration testing, and Metasploit Framework for gaining access to vulnerable Windows Systems, deploying keylogger, and perform Remote VNC server injection. You will learn security in memory systems and virtual memory layout, and understand buffer overflow attacks and their defenses. You will learn how to clone a Kali instance with AWS P2 GPU support and perform hashcat password cracking using dictionary attacks and known pattern mask attacks....
Filter by:

9 Reviews

By Robert Cantrell

Nov 16, 2018

very informative


Oct 28, 2018

great course

By Rajath C S

Oct 07, 2018

Its a great course to get started for anyone into the domain of information security, one might feel difficult with the instructor's accent but the support is great. W

By Varun Sharma

Sep 25, 2018

Very hard to understand Chinese English. This course has 2 challenges first to understand English second to understand the topic.

By Deleted Account

Aug 27, 2018

Poor materials and course content.

By vighnesh jha

Jul 02, 2018

didnt like it

By L Barrera

Apr 05, 2018

This a very good course for beginners. However, it would be much better if the practical exercises were constantly reviewed to assure compatibility and coherence. There are several inconsistencies which prevent to properly complete the exercises unless you solve them... But if you are capable of solve them, perhaps you don't need the course....

By Niels Tag

Feb 27, 2018

good content overall, very interesting challenges in the practical coursework.

very poor instructions however which often did not work! required setting up a cloud server and no instructions for doing so. asking for screenshots to grade coursework but coursera does not support uploading screenshots. instructor is very experienced in his field but hard to understand, often the subtitles say "INAUDIBLE" so some parts are impossible to follow.

By Yannick Schmitt

Jan 22, 2018

I'm sorry that I have to give a bad rating on a course with such a rare but highly interesting topic. But while the assignments indeed made me learn a lot, pretty much nothing in this course is really well made.- Chow's English is really hard to follow- Chow's talks frequently get interrupted in the middle of the sentence by quizzes that pop up during the video lectures- Those (ungraded) quizzes often refer to later parts of the talk actually, so with no further knowledge you'll often have to guess at the point in time when they are presented- After almost every video, a readings page is presenting some links, and many if not most of them are broken. The URLs have to be manipulated in different ways to get the actual content.- The assignments require you to use Amazon's commercial AWS service. AWS offers a free tier for basic usage, but this free tier won't be enough to complete the last assignment, where you won't be charged much (unless you make some mistake), but you will be charged nonetheless. (Even for the free tier, registration is not possible without entering credit card information.)- The assignments of this course assume that you have an AWS instance set up exactly as described in course 1 of this specialization. If you didn't enroll in that course, there is no information given to you at all on how about to set this up, and you have to rely on somebody giving you a link to the according PDF in the forums.- The last assignment requires to clone a certain AWS Machine Image, which is not available any more. Some learner set up a replacement for it and posted instructions on how to use it, rather than Chow and his team.- The assignment documents miss any information on how to use some of the tools it does use. If you don't know how to transfer a file via SSH or use the VI editor, you'll have to google that yourself.- In the descriptions of the actual tasks, the assignment documents contain several critical errors, e.g. wrong file or variable names, so if you follow the words of the instructions perfectly, you won't be able to complete any of the assignments.- In the end of assignments 1 and 2, you are expected to submit series of screenshots, but are neither given an "Upload" button in the "Submit assignment" page nor any instructions on how to proceed otherwise.- When reviewing the assignments from others, there are no criteria given based which you should give points; it's always just "Does the learner know how to...? (yes/no/partly)", usually no information on what to expect in the answers and when to give the full amount of points or a part of it. This will not only make reviewing much harder than it should be, you will also receive very different amounts of points from different reviewers for the same assignment, even though due to the nature of the tasks the results are usually pretty much either fully correct or completely incorrect.I (and fellow learners) reported several such issues both via the "Report problem" button on each page and the discussion forums. It was not before the very end of my enrollment, but I finally received some feedback from Chow's staff, thanking me for my reports and telling me that they "are currently looking into resolving this issues" and, just a bit later, that "a revised version of [one assignment document] has been uploaded". So there is a chance that the course will improve in the future (though I did not spot a single improvement in said document on a quick look).