Week 01: Web Security

Dr. Mohammed Alfateh Hassouna

Sudan International University


hassounatop@gmail.com

November 2, 2020

Dr. Mohammed Alfateh Hassouna (SIU) Week 01: Web Security November 2, 2020 1/9
Introduction

The Internet continues to change the role that software plays in the business world.
The invisible hand of Internet software enables e-business, automates supply chains, and provides instant, worldwide access to information.
At the same time, Internet software is moving into our cars, our televisions and our home security systems (Internet of Things, IoT).
Web applications present the largest category of security risk today.
The Web/Internet is just the most obvious avenue of attack in most systems.

Course Objectives

Have a comprehensive understanding of the vulnerabilities associated with providing active/dynamic web content.
Understand how the above vulnerabilities affect the design, implementation, and maintenance of active/dynamic web content.
Know how to conduct an audit/review of an existing system to identify and correct security vulnerabilities.
Address Web Services and their security.
Overview of concrete threats against web applications.
Current best practices for secure web applications.

Course Learning Outcomes

On completion of this module, students should be able to:
Get hands-on experience in web programming.
Identify the underlying security principles of the web.
Critically audit web applications for security flaws.
Design and implement exploits for real security bugs.
Develop secure web applications.

Course Prerequisites

Basic knowledge of the web and its protocols, such as HTTP.
Basic knowledge of some web programming languages, such as Java, PHP or Python.
Basic understanding of SQL.
The ability to read and understand JavaScript code.

Course Outlines

Overview of the web and its security
Web security model
Browser security model, including the same-origin policy
Client-server trust boundaries, e.g., cannot rely on secure execution in the client
Session management, authentication
Single sign-on, HTTPS and certificates

Course Outlines (Cont.)

Application vulnerabilities and defenses, SQL injection
XSS, CSRF, client-side security
Cookie security policy
HTTP security extensions, e.g. HSTS, plugins, extensions, and web apps
Web user tracking
Server-side security tools, e.g. Web Application Firewalls (WAFs) and fuzzers
Web service security

Assessment Method

1. Assignments and quizzes: 20
2. Midterm exam: 30
3. Final exam: 50
4. Total: 100

References

Bryan Sullivan, Vincent Liu. "Web Application Security, A Beginner’s Guide", McGraw-Hill Osborne Media; 1st edition, 2011.
Ivan Ristić. ModSecurity Handbook. Feisty Duck, Ltd. 2010.
Open Web Application Security Project. OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities.
