I have recently finished the Software Security course by Michael Hicks, from the Maryland Cybersecurity center.
I felt the course was interesting and useful. It covered:
– Old school buffer overflows/format string attacks and defenses
– Web attacks such as SQL injection, Cross-site Scripting, Cross-site request forgery and Session hijacking.
– Automated Tools – code review, static analysis, symbolic execution
– Penetration Testing
Classes are in a video format. There are projects (nicely presented in a Linux VM – I didn't do these), several suggested readings and quizzes.
Most of the classes have closed captions, and Coursera allows to speed up videos, too – even in their iOS/Android apps.
The course took me about 14 hours, including the interviews (which are considered optional, and are somewhat interesting).
Overall, very useful, specially for newer programmers. I'm sure if courses like this were required for most programmers, the landscape on cybersecurity today would be very different.
A lot of the general safety practices (defensive programming, etc) can be found in the still very good Code Complete 2 – which I recommend reading anyway if you are a programmer.
