Web security
Code 517AA
Credits 6
Learning outcomes
Objectives
The course addresses the main problems related to the secure use of web applications, and the countermeasures available to fight the attacks that adversaries may perform.
After a short introduction to the general issues of security, and to those specific to the use of the World Wide Web, the main attacks web users are subject to, such as cross-site scripting or phishing, are presented, together with the software typically used in such attacks. The example software is taken from real attacks performed in the past, for which working patches exist and are widespread, but it is similar to that presently used by attackers. The actions, software tools and web applications that can be used for such attacks are also presented. Finally, the countermeasures typically adopted to counter the above attacks, or to alert about them, are given.
The attacks considered are not only those performed by technically skilled attackers: attacks based on human weaknesses, such as those known as social engineering, are also part of the course.
Syllabus
1. Introduction and intelligence gathering
2. Cross-site scripting
3. Cross-site request forgery
4. Internet application-level vulnerabilities
5. Blended attacks
6. Vulnerabilities of cloud computing applications
7. Attacks on mobile devices
8. Phishing
9. Social engineering through the web
10. Attacks on executives
11. Case studies
Course structure
6 CFUs. The exam consists of an oral examination.