BCI3001 WEB SECURITY
L T P J C: 2 0 2 4 4
Pre-requisite: NIL
Syllabus version: v1.0
Course Objectives:
1. To study and practice fundamental techniques in developing secure web based applications
2. To identify and find the vulnerabilities of web based applications and to protect those applications from attacks

Expected Course Outcome:
1. To understand security-related issues in Web-based systems and applications.
2. To understand the fundamental mechanisms of securing a Web-based system.
3. To be able to implement security mechanisms to secure a Web-based application.
4. To be able to evaluate a Web-based system with respect to its security requirements.

Student Learning Outcomes (SLO): 1,2,10,14,17,18


Module:1 Introduction 3 hours
Introduction - Evolution of Web Applications - Web Application Security - Core Defence Mechanisms - Handling User Access - Handling User Input - Handling Attackers - Managing the Application - The OWASP Top Ten List

Module:2 WEB APPLICATION TECHNOLOGIES 4 hours
Web Functionality - Encoding Schemes - Mapping the Application - Enumerating the Content and Functionality - Analysing the Application - Bypassing Client Side Controls: Transmitting Data Via the Client, Capturing User Data, Handling Client Side Data Securely - Input Validation, Blacklist Validation - Whitelist Validation - The Defence-in-Depth Approach - Attack Surface Reduction Rules of Thumb

Module:3 WEB APPLICATION AUTHENTICATION 4 hours
Authentication Fundamentals - Two Factor and Three Factor Authentication - Password Based, Built-in HTTP, Single Sign-on, Custom Authentication - Secured Password Based Authentication: Attacks against Password, Importance of Password Complexity - Design Flaws in Authentication Mechanisms - Implementation Flaws in Authentication Mechanisms - Securing Authentication

Module:4 SESSION MANAGEMENT 3 hours
Need for Session Management - Weaknesses in Session Token Generation - Weaknesses in Session Token Handling - Securing Session Management; Access Control: Access Control Overview, Common Vulnerabilities, Attacking Access Controls, Securing Access Control.

Module:5 WEB SECURITY PRINCIPLES 3 hours
Origin Policy, Exceptions - Cross Site Scripting, Cross Site Forgery Scripting; File Security Principles: Source Code Security, Forceful Browsing, Directory Traversals - Classifying and Prioritizing Threats - Origin Policy.

Module:6 WEB APPLICATION VULNERABILITY 6 hours
Understanding Vulnerabilities in Traditional Client Server Applications and Web Applications, Client State Manipulation, Cookie based Attacks, SQL Injection, Cross Domain Attack (XSS/XSRF/XSSI), HTTP Header Injection, SSL Vulnerabilities and Testing - Proper Encryption use in Web Applications - Session Vulnerabilities and Testing - Cross-Site Request Forgery

Module:7 EXPLOITING SYSTEMS 5 hours
Path Traversal - Finding and Exploiting Path Traversal Vulnerability - Preventing Path Traversal Vulnerability - Information Disclosure - Exploiting Error Messages - Securing Compiled Applications - Buffer Overflow Vulnerability - Integer Vulnerability - Format String Vulnerability.

Module:8 Contemporary Issues: RECENT TRENDS 2 hours
Very Large Scale Integrated circuits (VLSI), Field Programmable Gate Arrays (FPGA).

Total Lecture hours: 30 hours

Text Book(s)
1. B. Sullivan, V. Liu, and M. Howard, Web Application Security, A Beginner's Guide. New York: McGraw-Hill Education, 2011. (ISBN No.: 978-0-07-177616-5).
2. D. Stuttard and M. Pinto, , 2nd ed. Indianapolis, IN: John Wiley & Sons, 2011. (ISBN No.: 978-1-118-02647-2).
Reference Books
1. Hanqing and L. Zhao, Web Security: A Whitehat Perspective. United Kingdom: Auerbach Publishers, 2015. (ISBN No.: 978-1-46-659261-2).
2. M. Shema and J. B. Alcover, Hacking Web Apps: Detecting and Preventing Web Application Security Problems. Washington, DC, United States: Syngress Publishing, 2014. (ISBN No.: 978-1-59-749951-4).
Mode of Evaluation: CAT / Assignment / Quiz / FAT / Project / Seminar
List of Challenging Experiments (Indicative)
1. Reconnaissance on any popular websites - 3 hours
2. Crawling a website - 3 hours
3. Vulnerability scanning - 3 hours
4. Cookie Stealing with cross site scripting - 3 hours
5. Commit identity theft - 3 hours
6. Website Security implementation: Apache hardening, MySQL hardening, PHP hardening - 3 hours
7. XSS and SQL injections - 3 hours
8. Password security - 3 hours
9. Browser security - 3 hours
10. Web application security assessment - 3 hours
Total Laboratory Hours: 30 hours
Mode of assessment: Project/Activity
Recommended by Board of Studies 28-02-2017
Approved by Academic Council No. 41 Date 16-03-2017