DV2596 Web System Security
Single subject course, 7,5 Higher education credits, Second cycle, autumn semester 2020
It is no longer possible to apply to this option
The course covers web application security: the student learns to understand and discover weaknesses and vulnerabilities in web applications on both the server side and the client side, and to develop protective solutions and conduct tests.
Experience of operating or developing web applications and knowledge of HTTP, SQL, and PHP are desirable.
Facts
- Type of instruction: Distance, mixed-time, part-time 25%
- Period: 2020-August-31 until 2021-January-17
- Education level: A1N
- Application: It is no longer possible to apply to this option
- Language of instruction: The language of instruction is English.
- Location: Some or all of education and examination is held at distance.
- No. of occasions: Mandatory: none, Voluntary: none
- Main field of study: Computer Science
- Entry requirements: Admission to the course requires at least 120 credits, of which at least 90 credits are in a technical area, and a minimum of 2 years professional experience within an area related to software-intensive product and/or service development (shown by, for example, a work certificate from an employer).
Content
• Basics and methods of protection in web, encryption and email protocols.
• Web system architectures
• Web attacks and vulnerabilities
• Authentication / Authorization
• Client attacks and protection in modern browsers
• Server attacks, such as remote command execution.
• Attack techniques and evasion of protections, such as code reuse attacks, and different variants of vulnerabilities and attacks, such as in-band, blind, out-of-band and second-order
• Enumeration attacks and disclosure and leakage of information
• Remote command execution
• Disclosure and leakage of information
• Logical attacks
• Development of protected sites
• Open Web Application Security Project (OWASP) is used for implementation / testing
• Security review of a WEB site
Learning outcomes
Knowledge and understanding
• be able to explain web protocols based on known vulnerabilities and weaknesses
• be able to describe the Common Vulnerability Scoring System (CVSS)
• be able to explain the security aspects of using languages and frameworks, e.g. PHP, JavaScript, and SQL
• be able to explain authentication mechanisms and counter techniques to bypass authentication
• understand cross-site scripting (XSS) attacks and SQL injections
• be able to explain the impact of one or more combined vulnerabilities and how they limit or extend the damage caused
Competence and skills
• be able to install and configure the web server for high security independently
• be able to use and search open vulnerability databases (Common Vulnerability databases, CV-DB) to prevent and find security problems
• be able to use best practice of known design patterns for secure web applications
• be able to utilize OWASP where applicable
• be able to conduct internal and external penetration testing of web applications and related infrastructure
Judgement and approach
• be able to analyze and evaluate security information in a web client / server system
• be able to identify vulnerabilities and weaknesses and implement appropriate improvements
Course literature and other teaching material
Materials such as research articles and other course materials, as well as recommendations for additional reading, are provided via the course's online platform.
Learning methods
The teaching is organised around online lectures, pre-recorded videos, together with written material, literature, and research literature. Throughout the course, communication, feedback, and discussions with teachers and fellow participants will take place through email and the course’s online learning platform.
Work placement
No work placement is included in the planned learning activities. BTH is aiming for a close contact with the surrounding community when developing courses and programmes.
Time allocation
On average, a student should study 200 hours to reach the learning outcomes. This time includes all the various available learning activities (lectures, self studies, examinations, etc.). This estimation is based on the fact that one academic year counts as 60 ECTS credits, corresponding to an average student workload of 1 600 hours. This may vary individually.
Assessments
Grading
The course will be graded G Pass, UX Insufficient, supplementation required, U Fail.
Exams
More information about exams is found in the Student's Portal, where you also enrol for most exams.
There might be other scheduled examinations. Information regarding these examinations is available in the learning platform Canvas or at other places that the person responsible for the course will refer to.
Course Evaluation
The course manager is responsible for systematically and regularly gathering the views of students on the course, and for ensuring that the results of the evaluations, in their various forms, affect the form and development of the course.