Hello, and welcome to this introductory course on security problems in programming. This is the second course in the Secure Programming Specialization offered by UC Davis. My name is Sandra Escandor-O'Keefe, and I have almost 10 years of combined experience working first as a software developer and then as a security engineer. I started my career as a software developer specializing in systems-level software development using languages such as C and C++. After five years as a software developer, I then started on my specialization as a security engineer. As a security engineer, I've had fun working on application security, open-source code review, and vulnerability research. I've also had the pleasure of giving talks about security at ShmooCon and ThotCon, and participating in a panel discussion on DevSecOps at the RSA Conference. Over the next several weeks, I will help you to build an understanding of some of the fundamental concepts in secure programming.

In the first module, we'll discuss concepts in threat modeling and cryptography. You'll be able to start to create threat models and think critically about the threat models created by other people. You will also gain a basic understanding of applied cryptography, such as encryption and secure hashing.

In the second module, we'll discuss issues with improperly handling user-controlled data. At the very least, it is fascinating to understand how attackers can exploit application vulnerabilities in order to perform malicious activities. But on a much more important level, it helps those of us who work on creating and maintaining application code to protect the users who use our applications. In this module, you will gain a fundamental understanding of injection problems in web applications. You'll be able to discuss and describe the three most common types of injection problems: SQL injection, cross-site scripting, and command injection.
In the third module, we'll discuss issues with application authentication and session management. Authentication is a major component of a secure web application; it ensures that only those users who are properly identified and allowed to use the application are able to access application resources. Session management is the other side of the same coin, since the authenticated state of a user's requests needs to be properly handled and run as one session. You'll be able to evaluate a system to determine if it follows the generally prescribed secure methods for authentication and session management in web applications. You'll be able to distinguish the relationship between authentication, session management, and access control.

In the final module, we'll discuss issues with sensitive data exposure. Sensitive data exposure issues are important to know about so that you can help protect your customers' data. You'll be able to understand how to effectively store password-related information rather than storing the actual plaintext passwords. You will also have a hands-on coding assignment that will help you to better understand the mechanisms for effectively storing password-related information.

Along the way, we'll discuss ways of watching out for and mitigating the issues mentioned in these modules. You will also be able to have some fun and exploit two different vulnerabilities in a web application that was designed to be vulnerable, called WebGoat. Software security is a really fascinating topic, and I hope that you have a lot of fun learning about software security during these several weeks. We have a lot to cover, so let's dive in.