CNIT 129S: Securing Web Applications
Spring 2021 -- Sam Bowne
Course Justification

Industry advisors have repeatedly asked us to teach this class, because every modern business needs a web presence and there are far too few workers qualified to protect them from hackers. There are many jobs available for students who learn how to protect our healthcare, financial, and other confidential data from criminals, spies, and pranksters.

Catalog Description

Techniques used by attackers to breach Web applications, and how to protect them. How to secure authentication, access, databases, and back-end components. How to protect users from each other. How to find common vulnerabilities in compiled code and source code.

Learning Outcomes

Upon successful completion of this course, the student will be able to:

Textbook

"The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition", by Dafydd Stuttard and Marcus Pinto; ISBN-10: 1118026470

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions; you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

Discussion Board

Each CCSF student must contribute to the Discussion Board in Canvas. The dates on which Discussion assignments are due are listed in the schedule. For class-related questions, please send messages inside Canvas, or email cnit.129s@gmail.com
Schedule (subject to revision)

| Date | Assignment Due | Topic |
|---|---|---|
| Thu 1-21 | | Ch 1: Web Application (In)security |
| Thu 1-28 | Quiz Ch 1-2 *; Proj H 110a * | Ch 2: Core Defense Mechanisms; Ch 3: Web Application Technologies |
| Thu 2-4 | Quiz Ch 3 *; Proj ED 102 *; Discussion 1 * | Ch 3: Web Application Technologies (continued) |
| Thu 2-11 | Quiz Ch 4; Proj ED 103; Discussion 2 | Ch 4: Mapping the Application |
| Thu 2-18 | Quiz Ch 5; Proj W 600; Discussion 3 | Ch 5: Bypassing Client-Side Controls |
| Thu 2-25 | Quiz Ch 6; +20 pts of WSA Proj; Discussion 4 | Ch 6: Attacking Authentication |
| Thu 3-4 | No Quiz; +20 pts of WSA Proj; Discussion 5 | Ch 7: Attacking Session Management |
| Thu 3-11 | Quiz Ch 7 & 8; +20 pts of WSA Proj; Discussion 6 | Ch 8: Attacking Access Controls; Ch 9: Attacking Data Stores (Part 1) |
| Thu 3-18 | No Quiz | Guest: TBA |
| Thu 3-25 | Quiz Ch 9; +20 pts of WSA Proj; Discussion 7 | Ch 9: Attacking Data Stores |
| Fri 4-1 | | Holiday - No Class |
| Thu 4-8 | Quiz Ch 10; +20 pts of WSA Proj; Discussion 8 | Ch 10: Attacking Back-End Components |
| Thu 4-15 | Quiz Ch 11; +20 pts of WSA Proj; Discussion 9 | Ch 11: Attacking Application Logic |
| Thu 4-22 | Quiz Ch 12; +20 pts of WSA Proj; Discussion 10 | Ch 12: Attacking Users: Cross-Site Scripting |
| Thu 4-29 | Quiz Ch 13; +20 pts of WSA Proj; Discussion 11 | Ch 13: Attacking Users: Other Techniques (Part 1) |
| Thu 5-6 | No Quiz; +20 pts of WSA Proj | Ch 13: Attacking Users: Other Techniques (Part 2) |
| Thu 5-13 | No Quiz; All Extra Credit Proj Due | Last Class: TBA |
| Wed 5-13 - Wed 5-20 | | Final Exam available online throughout the week. You can only take it once. |

All Quizzes due 30 min. before class.

* No late penalty until 2-11
Projects

H 110a: Linux Journey (20 pts + 63 extra)