DV2596 Web System Security

Content

• Basics and methods of protection in web, encryption and email protocols.
• Web system architectures
• Web attacks and vulnerabilities
• Authentication / Authorization
• Client attacks and protection in modern browsers
• Server attacks, such as remote command execution.
- Attack techniques and avoidance of protection, such as code reuse attacks different version of vulnerabilities and attacks such as in-band, blind, out-of-band and second-order.
• Enumeration attacks and disclosure and leakage of information
• Remote command execution
• Disclosure and leakage of information
• Logical attacks
• Development of protected sites
• Open Web Application Security Project (OWASP) is used for implementation / testing
• Security review of a WEB site

Learning outcomes

Knowledge and understanding
• be able to explain web protocols based on known vulnerabilities and weaknesses
• be able to describe the Common Vulnerability Scoring System (CVSS)
• be able to explain web protocols based on known vulnerabilities and weaknesses
• be able to explain the security aspects when using languages and framework, eg. PHP, JavaScript, and SQL
• be able to explain authentication mechanisms and counter techniques to bypass authentication
• understand Cross-site scripting (XSS) attacks and SQL injections
• be able to explain impacts of one or more combined vulnerabilities that limit or extend the damage given
Competence and skills

• be able to install and configure the web server for high security independently
• be able to use and search open vulnerability databases (Comon Vulnerability databases CV -DB)
to prevent and find security problems
• be able to use best practice of known design patterns for secure web applications
• be able to utilize OWASP where applicable
• be able to conduct internal and external penetration testing of web applications and related infrastructure
Judgement and approach
• Analyze and evaluate security information in a WEB client / server system
• be able to identify vulnerabilities, weaknesses and implement appropriate improvement.

Course literature and other teaching material

Course literature and other teaching material

Learning methods

The teaching is organised around online lectures, pre-recorded videos, together with written material, literature, and research literature. Throughout the course, communication, feedback, and discussions with teachers and fellow participants will take place through email and the course’s online learning platform.

Work placement

No work placement is included in the planned learning activities. BTH is aiming for a close contact with the surrounding community when developing courses and programmes.

Teachers

Time allocation

On average, a student should study 200 hours to reach the learning outcomes.
This time includes all the various available learning activities (lectures, self studies, examinations, etc.).
This estimation is based on the fact that one academic year counts as 60 ECTS credits,
corresponding to an average student workload of 1 600 hours. This may vary individually.

Assessments

Grading

The course will be graded G Pass, UX Insufficient, supplementation required, U Fail.

Exams

Course Evaluation

The course manager is responsible for the views of students on the course being systematically and regularly gathered and that the results of the evaluations in various forms affect the form and development of the course.