CourseCode CYBERSECURITYANDAPPLICATIONS L T P C

2 0 1 2
COURSEOBJECTIVE

The objective of this course is to provide knowledge on the threats and vulnerabilities to web
applications.Thisisverycrucialduetothedependenciesoftoday’sworldonwebappsanddigital
transactions. The course also provides details on how to secure our computer network systems
from malicious activities and attacks.
UNIT-I NetworkingandWebTechnology 7hours
NetworkComponents-Network Basics-NetworkCommunication-WebTechnologies TCPIP-
Web Services
UNIT-II IntroductiontoCyber Security 8hours
RecentCyberAttacks-CyberSecurityConcepts-LayersofCyberSecurity-Introductionto
ApplicationSecurity-SecureCodingOWASPTop10-CodingPracticesSecureDesign–Closure
[Practical demos and code on OWASP vulnerabilities and how to mitigate them]
UNIT-III FundamentalsofInformationSecurity&FundamentalsofCryptography
7hours
Whyinformationsecurity? -Whatisinformationsecurity?-DataSecurity-Networksecurity-
ApplicationSecurity–Closure.WhyCryptography?–Cryptography-SharedKeyCryptography –
Illustration - Shared Key Cryptography - Public Key Cryptography – Illustration - Public Key
Cryptography–Hashing-DigitalSignature–Illustration-DigitalSignature-Applicationsof
cryptography–Conclusion[Algorithmicrepresentationofcryptographicmethods]
UNIT-IV ThreatModeling&IdentityandAccess management 6hours
BasicsofThreatModeling-LearnThreatModelingwithaUseCase-ToolWalkthrough-MS
ThreatModelingTool–Assignment-IntroductiontoIdentityandAccessManagement -What next

UNIT-V JavaSE11Programmer II:SecureCodingin JavaSE11 Applications 7hours

Course Overview – Managing Denial of Service – Securing Information – Managing Data
Integrity – Accessibility and Extensibility – Securing Objects – Serialization and Deserialization
Security–JCAanditsPrinciples–ProviderArchitecture–EngineClass–KeyPairGeneration–
SignatureManagement–UnsecuretoSecureObject–CourseSummary.[DemosofSecure
CodinginJava]
UNIT-VI SecurityStandardsandRegulations 5hours
PCIDSS–ISMS-FIPSandNISTSpecialPublications–FISMA–GDPR–HIPAA–SOX-Conclusion
UNIT-VII IdentityGovernanceandAdministration 5hours
NeedforIGA&basicsconcepts-IGABasicConceptsandOnboarding-IGAGovernance-
IdentityAdministrationinIGA-Whatnext?

Total:45Periods
COURSEOUTCOMES

Oncompletionofthecourse,studentswillbeableto:
CO1: Identifynetworkcomponents,gainawarenessonDHCP,DNSServerandTCP/IP
architecture
CO2: Gainunderstandingofthreatmodellinganditsimportanceinthedesignofweb
applications
CO3: InvestigatehowtosecurewebapplicationswrittenusingJavaTechnology.Apply
securecodingtechniquesinJava,Python,C/C++Programming Languages
CO4: PracticeidentificationofOWASPvulnerabilitiesandmitigationtechniques
CO5: GainunderstandingoftheimportanceofSecurityStandardsandRegulationslike
PCIDSS,ISMS,FIPS,NISTSpecialPublications,FISMA, GDPR,HIPAAandSOX
CO6: RecognizeIdentity Governance andAdministration (IGA)- what problems IGA
solutionssolve;governancemodelslike-roles,certifications,policiesandidentity
lifecyclemanagement

FORFURTHER READING
1 NetworkingFundamentals,2019edition,Packt,Author:GordonDavies
2 PrinciplesofInformationSecurity,Authors:Michael E.Whitmanand HerbertJ.Mattord,
Coursetechnologyincorp
3 CSSLPSECURESOFTWARELIFECYCLEPROFESSIONALALL-IN-ONEEXAMGUIDE,Third
Edition, 3rd Edition, Authors: Wm. Arthur Conklin, Daniel Paul Shoemaker,
ReleasedFebruary 2022,Publisher(s): McGraw-Hill,ISBN: 9781264258215

REFERENCE
1 https://infyspringboard.onwingspan.com/en/app/toc/
lex_auth_012683751296065536354_shared/contents(Network Fundamentals)
2 https://infyspringboard.onwingspan.com/en/viewer/html/lex_auth_01350156965715
96809160(CertifiedSecureSoftwareLifecycleProfessional(CSSLP)2019:SecureCoding
Practices)
3 https://infyspringboard.onwingspan.com/en/viewer/html/lex_auth_01350156899275
57129660(OWASPTop10:WebApplicationSecurity)
4 https://infyspringboard.onwingspan.com/en/viewer/html/
lex_auth_01350159304097792013093(Defensive coding fundamentals in C and C++)
5 https://infyspringboard.onwingspan.com/en/app/toc/lex_auth_013501581644931072
11192/overview(SecurityProgramming:PythonScriptingEssentials)

ONLINEREFERENCE
1 https://www.stealthlabs.com/blog/infographic-top-15-cybersecurity-myths-vs-reality/
2 https://microage.ca/cybersecurity-layering-approach/
3 https://www.oracle.com/java/technologies/javase/seccodeguide.html
4 https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
5 https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-sandboxing/
6 https://www.skillsoft.com/course/security-programming-python-scripting-essentials-
bea4b5-6b5346072b8e

SOFTWAREREQUIREMENT
● Python
● Javascript,NodeJs
● JavaDevelopmentkit
HARDWARE REQUIREMENT
● i5ori7processoror R5fromAMD
● 16GBof RAM.500GBstoragesystem
INDUSTRYSCOPE
On completion of this course students will be able to identify vulnerability and security
threatsinwebapplicationsandlearntowritesecurecode.Thisisextremelycrucial,given the
huge volume of digital transactions and web applications.

INDUSTRYUSECASES
1. Identificationofbasicnetworkcomponents,practicecommandsforTCP-IParchitecture
and subnetting. [Reference : Lab Guide - Viewer Page | Infosys
Springboard(onwingspan.com)]
2. Build awareness on Defensive coding practices and control such as secure
configuration, error handling, and session management, cryptography, input and
output sanitization, error handling, input validation, logging and auditing, and session
and exception management.[Reference:
https://infyspringboard.onwingspan.com/web/en/viewer/html/lex_auth_01350156965
71596809160]
3. Practice defensive coding practices in C/C++ such as inspections, testing, and input
validation. [Reference:Defensive Coding Fundamentals for C/C++ - Viewer Page |
Infosys Springboard (onwingspan.com)
4. Explore the top 10 OWASP vulnerabilities, their causes, consequences, and mitigation
techniques.
[Reference:OWASPTop10:WebApplicationSecurity-ViewerPage|
InfosysSpringboard(onwingspan.com)],OWASP.org,http://cwe.mitre.org/top25/
archive/2021/2021_cwe_top25.html. Make a report of the studied material.
5. PracticesecurecodingtechniquesinPythonprogramminglanguage[Reference:https://
infyspringboard.onwingspan.com/en/app/toc/lex_auth_01350158164493107211192/
overview
6. Create a login page with username and password which will connect to a database
whichwillstorethenameandpassword.YoucanuseJavaandHTMLcodeanddatabase as per
convenience. Simulate an SQL injection attack. Write embedded SQL code to
avoidSQLinjectionattack.DocumenthowthisistakencareinthelaterversionsofJava.
7. Create a login page with username and password which will connect to a database
whichwillstorethenameandpassword.YoucanusePythonasabaseanddatabaseas per
convenience. Simulate an SQL injection attack. Write the revised code in Python that
will sanitize the inputs and help prevent an SQL injection attack.
8. Read and understand the Heartbleed vulnerability. Identify the code in C++ that can
simulate this vulnerability and code to fix it. Document the secure coding practices to
takecareofthisvulnerabilityandthereasonsforitto happen.
9.Given awebapplication,tryoutthetop10 OWASP vulnerabilitiesandhowtomitigate them.
[Reference: TOC - Explore OWASP Top 10 Vulnerabilities | Infosys
Springboard(onwingspan.com), will be given as a document with code]

Modeof Delivery Online(Self-Learning)

Course Evaluation OnlineAssessment
ApplicableforAllBranchesofEngineering(First
MultipleHybridBranchofStudents
Year & Final Year)
NOSAlignment Yes-InfosysIndustryStandard
Train-the-Trainer FacultyEnablement Program
Commercials Freeof Cost