LTAT.04.018 Web Security
Course info
Responsible: Arnis Paršovs (arnis.parsovs@ UT)
Teaching assistant: Denizalp Kapisiz (denizalp.kapisiz@ UT)
Credits: 6 ECTS
Language: English
Assessment: differentiated (A, B, C, D, E, F, not present)
Lectures: Pre-recorded, every Saturday on Moodle by 23:59
Course Moodle: course link
General Information
This is a hands-on course that covers the most common web application vulnerabilities, their exploitation and mitigation techniques.
Every lecture includes homework, typically involving exploiting and fixing vulnerabilities.
Students are expected to have basic skills in web application development (HTML, JavaScript and PHP).
Grading
Final grade structure:
Homework: 70%
Final test: 30%
Schedule
[Feb-08] 0. Introduction
[Feb-08] 1. Web, HTTP protocol, HTTPS, Cookies
[Feb-15] 2. Same-Origin Policy (SOP)
[Feb-22] 3. Cross-Site Request Forgery (CSRF)
[Mar-01] 4. Cross-Site Scripting (XSS)
[Mar-08] 5. Content Security Policy (CSP)
[Mar-15] 6. User Interface (UI) attacks
[Mar-22] 7. Tracking and fingerprinting
[Mar-29] 8. Browser extensions
[Apr-05] 9. Bots and CAPTCHAs
[Apr-12] 10. Authentication and session management
[Apr-19] 11. Authorization
[Apr-26] 12. SQL Injection (SQLi)
[May-03] 13. Server-side vulnerabilities
[May-10] 14. Server-side vulnerabilities 2
[May-17] 15. Attack detection and prevention
[May-28] Test 14:00-16:00 (in DELTA room 2004)