CNIT 129S: Securing Web Applications
Fall 2016 -- Sam Bowne
Course Justification

Industry advisors have repeatedly asked us to teach this class, because every modern business needs a web presence and there are far too few workers qualified to protect them from hackers. There are many jobs available for students who learn how to protect our healthcare, financial, and other confidential data from criminals, spies, and pranksters.

Catalog Description

Techniques used by attackers to breach Web applications, and how to protect them. How to secure authentication, access, databases, and back-end components. How to protect users from each other. How to find common vulnerabilities in compiled code and source code.

Advisory: CNIT 131 and CNIT 120, or comparable familiarity with websites and security concepts

Major Learning Outcomes

Upon successful completion of this course, the student will be able to:

Textbook

"The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition", by Dafydd Stuttard and Marcus Pinto; ISBN-10: 1118026470
Schedule (subject to revision)

| Date | Quiz / Projects Due | Topic |
|---|---|---|
| Mon 8-15 | | Ch 1: Web Application (In)security; Ch 2: Core Defense Mechanisms |
| Mon 8-22 | | Ch 3: Web Application Technologies |
| Mon 8-29 | | Ch 3: Web Application Technologies (continued) |
| Fri 9-2 | | Last Day to Add Classes |
| Mon 9-5 | | Holiday - No Class |
| Mon 9-12 | No Quiz; No Proj Due | Guest Speaker: Kashmir Hill from Fusion (Twitter: @kashhill) |
| Mon 9-19 | Quiz: Ch 1-3; Proj 1-3 due | Ch 4: Mapping the Application |
| Mon 9-26 | Quiz: Ch 4; Proj 4 due | Ch 5: Bypassing Client-Side Controls |
| Mon 10-3 | Quiz: Ch 5; Proj 5-6 due | Ch 6: Attacking Authentication |
| Mon 10-10 | Quiz: Ch 6; Proj 7 due | Ch 7: Attacking Session Management |
| Mon 10-17 | No Quiz; No Proj Due | Guest Speaker: Michael Fowl from KirkPatrickPrice, Penetration Testing |
| Mon 10-24 | Quiz: Ch 7; Proj 8 due | Ch 8: Attacking Access Controls; Ch 9: Attacking Data Stores (Part 1) |
| Mon 10-31 | No Quiz; Proj 9 & 10 due | Ch 9: Attacking Data Stores (Part 2) |
| Mon 10-24 | | Mid-Term Grades Due |
| Mon 11-7 | Quiz: Ch 8-9; Proj 11-12 due | Ch 10: Attacking Back-End Components |
| Mon 11-14 | Quiz: Ch 10; Proj 13 due | Ch 11: Attacking Application Logic; Ch 12: Attacking Users: Cross-Site Scripting (Part 1) |
| Mon 11-21 | No Quiz; Proj 14 due | Ch 12: Attacking Users: Cross-Site Scripting (Part 2) |
| Mon 11-28 | No Quiz; Proj 15 due | Ch 13: Attacking Users: Other Techniques (Part 1) |
| Mon 12-5 | No Quiz; All Extra Credit Projects Due | Last Class: Ch 13: Attacking Users: Other Techniques (Part 2) |
| Mon 12-12 | | Final Exam |