Semester 3 / ECTS Credits: 6 ECTS
Course Description:
The main objective of this course is to introduce and analyze secure coding standards and techniques and to apply them when implementing desktop, web and mobile applications. Common security issues, and the prevention techniques available in widely used programming frameworks, are also analyzed.
Students will gain comprehensive knowledge of the topics covered through various usage examples, practical and laboratory exercises, and a seminar paper.
Throughout this course, OWASP (Open Web Application Security Project) projects, standards and best practices are used and applied in many situations. OWASP tooling is used to scan web applications for security vulnerabilities, and the SonarQube static code analysis tool is used to scan existing code and discover potential security problems.
To secure the most commonly used architectural pattern, the REST API, best practices with JWT (JSON Web Token) are presented through practical examples, applying the implementation to a Java web application based on the Spring Boot framework with the addition of the Spring Security framework.
Since SQL Injection attacks are among the most frequent security risks, they are also covered thoroughly, with insight into a Data Access Layer based on the Hibernate and Spring Data JPA frameworks.
Focusing on the Java programming language, Java serialization and deserialization issues are also covered, with descriptions of the cases in which these weaknesses can be exploited and the techniques used to prevent them.
Authentication and authorization, as two of the most important security aspects of a web application, are also described, with examples of the best practices that need to be applied in order to avoid security risks.
Recommendations for protecting the system in order to protect sensitive user data are also presented.
Learning Outcomes:
- Analyze OWASP standards and apply their best practices to secure coding techniques.
- Apply security assessment tools such as OWASP tooling and SonarQube to existing systems in order to discover security vulnerabilities.
- Apply a JWT token implementation in order to protect the REST API interface of a system.
- Determine the best technique to detect SQL Injection security risks and prevent them by using available Data Access Layer techniques and frameworks.
- Apply best practices in order to prevent Java deserialization issues.
- Assess an existing application in order to create recommendations on how to improve the security aspects related to authentication, authorization and data privacy.
Course content lectures:
- OWASP standard and tools
- SonarQube and static code analysis
- Spring Boot framework
- Spring MVC framework
- Spring Security framework
- JWT token REST API protection
- Hibernate framework
- Spring Data JPA framework
- SQL Injection attacks
- Java deserialization
- Web application authorization and authentication
- User accounts protection