LTAT.04.013 Web Application Security
Course info
Responsible: Arnis Paršovs (arnis.parsovs@ UT)
Teaching assistant: Denizalp Kapisiz (denizalp.kapisiz@ UT)
Credits: 3 ECTS
Language: English
Assessment: differentiated (A, B, C, D, E, F, not present)
Lectures: Pre-recorded, every Saturday on Moodle by 23:59
Course Moodle: course link
General Information
This is a hands-on course that covers the most common web application vulnerabilities, their exploitation and mitigation techniques. There will be weekly homework involving HTML5, JavaScript or PHP. Students are expected to have experience in web application development.
Grading
Final grade structure:
Homework: 70%
Final test: 30%
Schedule
[Aug-31] 0. Introduction
[Aug-31] 1. Web, HTTP protocol, HTTPS, Cookies
[Sep-07] 2. Same-Origin Policy (SOP)
[Sep-14] 3. Cross-Site Scripting (XSS)
[Sep-21] 4. Cross-Site Request Forgery (CSRF)
[Sep-28] 5. Content Security Policy (CSP)
[Oct-05] 6. User Interface Attacks
[Oct-12] 7. Authentication and Session Management
[Oct-19] 8. Tracking and fingerprinting
[Oct-26] 9. SQL Injection (SQLi)
[Nov-02] 10. Bots and CAPTCHAs
[Nov-09] 11. Server-Side Vulnerabilities
[Nov-16] 12. Server-Side Vulnerabilities 2
[Nov-23] 13. Attack detection and prevention
[Dec-05] Test (on-site in DELTA)