Wednesday, December 19, 2018

50% Finished

As of today, I have officially finished 50% of the UMUC cybersecurity software development program. I'm looking back at spring posts and laughing at some of the bumps I had in UMUC's pre-programming course. SQL, basic programming concepts, and OOP have engrained themselves more fully in my mind since I've taken Java II, SDEV350/300 (basically Oracle/AWS, PHP/MySQL). I hope this blog will remind me later that I worked hard to accomplish my goals and that it wasn't always sunshine and rainbows.

Here's a recap of the classes. Keep in mind that the first 4 classes at UMUC were not focused on security. Intro to Algorithms focused on the utmost basics of programming. CMIS 320 was a class strictly on understanding the basics of SQL and databases. Java I & II focused on OOP and more advanced programming topics, but did not investigate any secure coding practices. Finally, though, this fall I got into the SDEV courses (security development); CMIS 300 investigated OWASP Top 10 vulnerabilities, the ZAP Scanner program, MySQL, PHP, and CWE codes. SDEV 350 was focused on using secure AWS RDS practices, Oracle architecture programming, and auditing practices.

Here's a breakdown of the coursework:
SDEV 300
Pros:
-Learned how to use the ZAP scanner program and automatic bug scanners in general
-Coded in PHP and learned about SQL injections
-Learned about PHP form validation, sanitization, and prepared statements

Cons: 
-Relating to UMUC in general, I truly feel this school is about independent learning... the teacher was there to simply clarify certain learning objectives or obscure instructions. The teachers do not teach at UMUC. I plan on creating a YouTube video actually about UMUC in general; I hope it will help me vent some of my frustrations and attaboys with the school.

-The coursework was overall straightforward, thank god. The only lab that was truly confusing was the last week's lab. The lab was confusing because the application did not work correctly. This was not required to complete the lab; however, it was questionable to what degree I was expected to 'find and fix' bugs in an application that isn't functional in the first place. In any case, I got an A in the course so I wasn't terribly worried.

SDEV 350
Pros: 
-I got to work in-depth with Oracle architecture, keywords, profiles, roles, user creation, permissions, etc. This went far more in-depth than the CMIS 320 course.

-I got to start and manage an AWS RDS instance. I hear AWS might be important to at least navigate (Eli the Computer Guy talked about AWS Outposts). I feel if I ever need to know EC2, S3 storage, etc., it shouldn't be terribly difficult to learn it.

-I got to practice auditing. I learned how to create audit roles, and utilized the unified audit trail in Oracle. I might one day get my CISA so this course helped prepare me for that.

Cons:
-AWS and Oracle documentation did not always match up. For several projects, including the auditing and creation of DBA permissions, the Oracle documentation would not always work with the AWS system. The teacher did not forewarn us about this issue, and I would have liked to have a heads up about it.

-Some of the presentations were old; I wonder if the teachers create their own presentations or simply graft them from the last teacher who taught the course. It seemed some slides hadn't been updated.

Overall, I'm happy with my performance this fall. Here are some personal projects I'm starting on during the x-mas break:
1. Building my mid-tier computer this Christmas (i7 8700K, 32GB RAM, 1TB SSD, etc.).
2. Building my home-lab.
3. Reading the three books: SQL Injection Attacks and Defense by Justin Clarke, Building Virtual Machine Labs: A Hands-On Guide by Tony V Robinson, and Nmap 6 Cookbook by Nicholas Marsh.
4. Learning PowerShell and data-loss recovery via Udemy
