DV2596 Web System Security

Single subject course, 7,5 Higher education credits, Second cycle, autumn semester 2020

It is no longer possible to apply to this option

Web application security, as taught in this course, means that the student learns to understand and discover weaknesses and vulnerabilities in web applications on both the server side and the client side, and is able to develop protective solutions and conduct tests.

Experience of operating or developing web applications and knowledge of HTTP, SQL, and PHP is desirable.

Facts

  • Type of instruction: Distance, mixed-time, part-time 25%
  • Period: 2020-August-31 until 2021-January-17
  • Education level: A1N
  • Application: It is no longer possible to apply to this option
  • Language of instruction: The language of instruction is English.
  • Location: Some or all of education and examination is held at distance.
  • No. of occasions: Mandatory: none, Voluntary: none
  • Main field of study: Computer Science
  • Course syllabus: Download
  • Welcome letter: Download
  • Entry requirements: Admission to the course requires at least 120 credits, of which at least 90 credits are in a technical area, and a minimum of 2 years professional experience within an area related to software-intensive product and/or service development (shown by, for example, a work certificate from an employer).

Content

• Basics and methods of protection in web, encryption and email protocols.
• Web system architectures
• Web attacks and vulnerabilities
• Authentication / Authorization
• Client attacks and protection in modern browsers
• Server attacks, such as remote command execution.
• Attack techniques and evasion of protection, such as code-reuse attacks, and different variants of vulnerabilities and attacks, such as in-band, blind, out-of-band and second-order.
• Enumeration attacks and disclosure and leakage of information
• Remote command execution
• Disclosure and leakage of information
• Logical attacks
• Development of protected sites
• Open Web Application Security Project (OWASP) is used for implementation / testing
• Security review of a WEB site

Learning outcomes

Knowledge and understanding
• be able to explain web protocols based on known vulnerabilities and weaknesses
• be able to describe the Common Vulnerability Scoring System (CVSS)
• be able to explain the security aspects of using languages and frameworks, e.g. PHP, JavaScript, and SQL
• be able to explain authentication mechanisms and counter techniques to bypass authentication
• understand Cross-site scripting (XSS) attacks and SQL injections
• be able to explain impacts of one or more combined vulnerabilities that limit or extend the damage given
Competence and skills

• be able to install and configure the web server for high security independently
• be able to use and search open vulnerability databases (Common Vulnerability databases, CV-DB) to prevent and find security problems
• be able to use best practice of known design patterns for secure web applications
• be able to utilize OWASP where applicable
• be able to conduct internal and external penetration testing of web applications and related infrastructure
Judgement and approach
• be able to analyze and evaluate security information in a web client / server system
• be able to identify vulnerabilities, weaknesses and implement appropriate improvement.

Course literature and other teaching material

Materials such as research articles and other course materials, as well as recommendations for additional reading, are provided via the course's online platform.

Learning methods

The teaching is organised around online lectures and pre-recorded videos, together with written material, literature, and research literature. Throughout the course, communication, feedback, and discussions with teachers and fellow participants take place through email and the course's online learning platform.

Work placement

No work placement is included in the planned learning activities. BTH aims for close contact with the surrounding community when developing courses and programmes.

Teachers

Examiner
  1. Anders Carlsson
Course Manager
  1. Anders Carlsson

Time allocation

On average, a student should study 200 hours to reach the learning outcomes. This time includes all the various available learning activities (lectures, self-studies, examinations, etc.). This estimate is based on the fact that one academic year counts as 60 ECTS credits, corresponding to an average student workload of 1 600 hours. This may vary individually.

Assessments

Grading

The course will be graded G (Pass), UX (Insufficient, supplementation required), U (Fail).

Exams

More information about exams is found in the Student's Portal, where you also enrol for most exams.

There might be other scheduled examinations. Information regarding these examinations is available in the learning platform Canvas or at other places that the person responsible for the course will refer to.

Course Evaluation

The course manager is responsible for ensuring that the views of students on the course are systematically and regularly gathered, and that the results of the evaluations, in their various forms, influence the form and development of the course.
