CNIT 129S: Securing Web Applications
Spring 2018 -- Sam Bowne
Course Justification

Industry advisors have repeatedly asked us to teach this class, because every modern business needs a web presence and there are far too few workers qualified to protect them from hackers. There are many jobs available for students who learn how to protect our healthcare, financial, and other confidential data from criminals, spies, and pranksters.

Catalog Description

Techniques used by attackers to breach Web applications, and how to protect them. How to secure authentication, access, databases, and back-end components. How to protect users from each other. How to find common vulnerabilities in compiled code and source code.

Major Learning Outcomes

Upon successful completion of this course, the student will be able to:

Textbook

"The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition", by Dafydd Stuttard and Marcus Pinto; ISBN-10: 1118026470

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is available for one week, up to 30 minutes before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

Live Streaming

Live stream at: http://www.ccsf.edu/en/educational-programs/school-and-departments/school-of-liberal-arts/broadcast-electronic-media-arts/EATV/webcasts.html

Kahoot and Zoom

The Kahoot competitions don't work well with the CCSF livestream, because it has a delay. For them, use Zoom:
Schedule (subject to revision)

Date | Quiz / Projects | Topic
---|---|---
Wed 1-17 | | Ch 1: Web Application (In)security; Ch 2: Core Defense Mechanisms
Wed 1-24 | Quiz Ch 1 & 2 * ** | Ch 3: Web Application Technologies
Wed 1-31 | Quiz Ch 3 * **; Proj 1 due | Ch 3: Web Application Technologies (continued)
Fri 2-2 | Last Day to Add Classes |
Wed 2-7 | Quiz Ch 4 *; Proj 2 & 3 due | Ch 4: Mapping the Application
Wed 2-14 | Quiz Ch 5 *; Proj 4 due | Ch 5: Bypassing Client-Side Controls
Wed 2-21 | Quiz Ch 6 *; Proj 5-6 due | Ch 6: Attacking Authentication
Wed 2-28 | Quiz Ch 7 *; Proj 7 due | Ch 7: Attacking Session Management
Wed 3-7 | Quiz Ch 8 *; Proj 8 due | Ch 8: Attacking Access Controls; Ch 9: Attacking Data Stores (Part 1)
Wed 3-14 | Quiz Ch 9 *; Proj 9 & 10 due | Ch 9: Attacking Data Stores
Wed 3-21 | No Quiz; No Proj Due |
Wed 3-28 | Holiday - No Class |
Wed 4-4 | Proj 11-12 due | Ch 10: Attacking Back-End Components
Wed 4-11 | Quiz Ch 10 & 11 *; Proj 13 due | Ch 11: Attacking Application Logic
Wed 4-18 | Quiz Ch 12 *; Proj 14 due | Ch 12: Attacking Users: Cross-Site Scripting
Wed 4-25 | Quiz Ch 13 *; Proj 15 due | Ch 13: Attacking Users: Other Techniques (Part 1)
Wed 5-2 | No Quiz; Proj 16 due | Ch 13: Attacking Users: Other Techniques (Part 2)
Thu 5-17 through Wed 5-23 | Final exam available online: 1 hour, only one attempt |

* Quizzes due 30 min. before class
** No late penalty until after Feb. 7