LTAT.04.018 Web Security
Course info
Responsible: Arnis Parsovs (arnis.parsovs@ UT)
Credits: 6 ECTS
Language: English
Lectures: Pre-recorded video lectures
Practice: Wednesdays 14:15-16:00, in DELTA room 2010 and via Zoom (not compulsory - consultation time)
Moodle page: course link
Zulip channel: For course related discussions (login with your UT credentials)
General Information
This is a hands-on course that covers the most common web application vulnerabilities, their exploitation and mitigation techniques.
Every lecture includes homework, typically involving exploiting and fixing vulnerabilities.
Students are expected to have basic skills in web application development (HTML, JavaScript and PHP).
Grading
Final grade structure:
Homework: 70%
Final test: 30%
Schedule
0. Introduction
1. Web, HTTP protocol, HTTPS, Cookies
2. Same-Origin Policy (SOP)
3. Cross-Site Request Forgery (CSRF)
4. Cross-Site Scripting (XSS)
5. Content Security Policy (CSP)
6. User Interface (UI) attacks
7. Tracking and fingerprinting
8. Browser extensions
9. Bots and CAPTCHAs
10. Authentication and session management
11. Authorization
12. SQL Injection (SQLi)
13. Server-side vulnerabilities
14. Server-side vulnerabilities 2
15. Attack detection and prevention
16. Test (in DELTA room ...)