Semester 1 / ECTS Credits: 6 ECTS

Course Description:

The main objective of this course is to give a short and focused introduction to Web Application Security.
Students will gain comprehensive knowledge and practical skills in the topics covered through theories, concepts, and hands-on exercises.
The course follows the latest OWASP standards related to the course topics and focuses on web application architecture and database management system security. Different approaches to authentication and authorization will also be discussed. Security testing will be evaluated with various tools and practices.
Students will gain knowledge about the most important concepts of Web Application Security and examples of best practices.
Practical skills will be obtained during laboratory work using a web server, database management tools, tools for testing applications, and cryptographic algorithms.

Learning Outcomes:

  1. Define and evaluate web application security
  2. Critically evaluate implemented security standards
  3. Classify web application attacks
  4. Design secure applications considering attack types
  5. Evaluate the quality of implementation of information systems security solutions
  6. Recognize security in database management systems
  7. Use application vulnerability detection tools

Course content lectures:

  1. Web applications
  2. Introduction to web application security
  3. Web application architecture
  4. OWASP
  5. Injection attacks
  6. SQL injection
  7. Broken authentication
  8. Sensitive data exposure
  9. Broken access control
  10. Security misconfiguration
  11. Cross-site scripting (XSS)
  12. Insecure deserialization
  13. Using Components with Known Vulnerabilities
  14. Insufficient logging and monitoring
  15. Web application security testing