Semester 1 / ECTS Credits: 6 ECTS
Course Description:
The main objective of this course is to give a short and focused introduction to Web Application Security.
Students will gain comprehensive knowledge of, and practical skills in, the topics covered through theories, concepts, and hands-on exercises.
The course follows the latest OWASP standards related to the course topics and focuses on web application architecture and database management system security. Different approaches to authentication and authorization will also be discussed. Security testing will be evaluated with various tools and practices.
Students will gain knowledge about the most important concepts of Web Application Security and examples of best practices.
Practical skills will be obtained during laboratory work using a web server, database management tools, application testing tools, and cryptographic algorithms.
Learning Outcomes:
- Define and evaluate web application security
- Critically evaluate implemented security standards
- Classify web application attacks
- Design secure applications considering attack types
- Evaluate the quality of implementation of information systems security solutions
- Recognize security in database management systems
- Use application vulnerability detection tools
Course content lectures:
- Web applications
- Introduction to web application security
- Web application architecture
- OWASP
- Injection attacks
- SQL injection
- Broken authentication
- Sensitive data exposure
- Broken access control
- Security misconfiguration
- Cross-site scripting (XSS)
- Insecure deserialization
- Using components with known vulnerabilities
- Insufficient logging and monitoring
- Web application security testing