Exam syllabus sheet
SECURITY PROBLEMS IN WEB APPLICATIONS
MAURIZIO ANGELO BONUCCELLI
Academic year: 2016/17
Course: COMPUTER SCIENCE AND NETWORKING
Code: 517AA
Credits: 6
Period: Semester 2
Language: English

| Modules | Area | Type | Hours | Teacher(s) |
|---|---|---|---|---|
| SECURITY PROBLEMS IN WEB APPLICATIONS | INF/01 | LECTURES | 48 | MAURIZIO ANGELO BONUCCELLI |
Syllabus not available in the selected language
Learning outcomes
Knowledge
The course addresses the main problems related to the secure use of web applications, and the countermeasures for fighting the attacks that attackers may perform. The attacks considered are not only those performed by technically skilled attackers: attacks based on human weaknesses, such as those known as social engineering, are also part of the course.
Assessment criteria of knowledge
The student will be assessed on his/her demonstrated ability to discuss the main course contents using the appropriate terminology. Alternatively, with an oral presentation, to be made to the teacher and possibly other students, the student must demonstrate the ability to approach a circumscribed research problem and organise an effective exposition of the results.

Methods:

  • Final oral exam

Teaching methods

Delivery: face to face

Learning activities:

  • attending lectures

Attendance: Not mandatory

Teaching methods:

  • Lectures

Syllabus
After a short introduction to the general issues related to security, and to those related to the use of the World Wide Web, the main attacks web users are subject to, such as cross-site scripting or phishing, are presented, as well as the software typically used in such attacks. This example software is taken from real attacks performed in the past, for which working patches exist and are widespread, but it is similar to that presently used by hackers. In addition, the actions, software tools and web applications that can be used for such attacks are presented. Finally, countermeasures typically adopted to counter the above attacks, or to alert about them, are given.
Bibliography
N. Dhanjani, B. Rios, B. Hardin, "Hacking: The Next Generation", O'Reilly, 2009
Updated: 14/11/2016 17:27