Veebirakenduste turvalisus - Kursused - Arvutiteaduse instituut

LTAT.04.013 Web Application Security

Course info

Responsible: Arnis Paršovs (arnis.parsovs@ UT)
Teaching assistant: Denizalp Kapisiz (denizalp.kapisiz@ UT)
Credits: 3 ECTS
Language: English
Assessment: differentiated (A, B, C, D, E, F, not present)
Lectures: Pre-recorded, every Saturday on Moodle by 23:59
Course Moodle: course link

General Information

This is a hands-on course that covers the most common web application vulnerabilities, their exploitation and mitigation techniques. There will be weekly homework involving HTML5, JavaScript or PHP. Students are expected to have experience in web application development.

Grading

Final grade structure:
Homework: 70%
Final test: 30%

Schedule

[Aug-31] 0. Introduction
[Aug-31] 1. Web, HTTP protocol, HTTPS, Cookies
[Sep-07] 2. Same-Origin Policy (SOP)
[Sep-14] 3. Cross-Site Scripting (XSS)
[Sep-21] 4. Cross-Site Request Forgery (CSRF)
[Sep-28] 5. Content Security Policy (CSP)
[Oct-05] 6. User Interface Attacks
[Oct-12] 7. Authentication and Session Management
[Oct-19] 8. Tracking and fingerprinting
[Oct-26] 9. SQL Injection (SQLi)
[Nov-02] 10. Bots and CAPTCHAs
[Nov-09] 11. Server-Side Vulnerabilities
[Nov-16] 12. Server-Side Vulnerabilities 2
[Nov-23] 13. Attack detection and prevention Δ
[Dec-05] Test (on-site in DELTA)

Veebirakenduste turvalisus 2024/25 sügis

LTAT.04.013 Web Application Security

Course info

General Information

Grading

Schedule