CNIT 129S: Securing Web Applications
Moved to SCIE 37
Spring 2020 -- Sam Bowne
San Francisco orders residents to stay inside
All my classes are cancelled
Course Justification

Industry advisors have repeatedly asked us to teach this class, because every modern business needs a web presence and there are far too few workers qualified to protect them from hackers. There are many jobs available for students who learn how to protect our healthcare, financial, and other confidential data from criminals, spies, and pranksters.

Catalog Description

Techniques used by attackers to breach Web applications, and how to protect them. How to secure authentication, access, databases, and back-end components. How to protect users from each other. How to find common vulnerabilities in compiled code and source code.

Learning Outcomes

Upon successful completion of this course, the student will be able to:

Textbook

"The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition", by Dafydd Stuttard and Marcus Pinto; ISBN-10: 1118026470

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts.

Live Streaming

You can attend class remotely at https://zoom.us/j/4108472927

For class-related questions, please email cnit.129s@gmail.com
Schedule (subject to revision)

| Date | Quiz / Projects Due | Topic |
|---|---|---|
| Thu 1-16 | | Ch 1: Web Application (In)security |
| Thu 1-23 | Quiz Ch 1-2; Proj 1 due * | Ch 2: Core Defense Mechanisms; Ch 3: Web Application Technologies |
| Thu 1-30 | Quiz Ch 3; Proj 2 & 3 due * | Ch 3: Web Application Technologies (continued) |
| Thu 2-6 | Quiz Ch 4; Proj W 200 due * | Ch 4: Mapping the Application |
| Thu 2-13 | Quiz Ch 5; Proj W 201 due | Ch 5: Bypassing Client-Side Controls |
| Thu 2-20 | Quiz Ch 6; Proj W 202 due | Ch 6: Attacking Authentication |
| Thu 2-27 | No Quiz; Proj W 210 due | Ch 7: Attacking Session Management |
| Thu 3-5 | Quiz Ch 7 & 8; Proj 8 & 9 due | Ch 8: Attacking Access Controls; Ch 9: Attacking Data Stores (Part 1) |
| Thu 3-12 | Quiz Ch 9; Proj 10 due | Ch 9: Attacking Data Stores |
| Thu 3-19 | | No Class |
| Thu 3-26 | | Holiday - No Class |
| Thu 4-2 | Quiz Ch 10; Proj 11 & 12 due | Ch 10: Attacking Back-End Components |
| Thu 4-9 | Quiz Ch 11; W 230 due | Ch 11: Attacking Application Logic |
| Thu 4-16 | Quiz Ch 12; Proj 14 & 15 due | Ch 12: Attacking Users: Cross-Site Scripting |
| Thu 4-23 | Quiz Ch 13; Proj 16 due | Ch 13: Attacking Users: Other Techniques (Part 1) |
| Thu 4-30 | No Quiz; Proj 17 due | Ch 13: Attacking Users: Other Techniques (Part 2) |
| Thu 5-7 | No Quiz; All Extra Credit Proj due | Last Class: Exploiting Salt and the MITRE ATT&CK knowledge base |
| Wed 5-13 - Wed 5-20 | | Final Exam available online throughout the week. You can only take it once. |

All Quizzes due 30 min. before class

* Not counted as late until 2-13