iTa'LeEm
SEM2 INFO 4345 WEB APPLICATION SECURITY
General
Announcements
Class Rules & Expectations
Course Information
Course Assessments
Consultation Hours
Required References
Kindle Edition
OWASP Official Documentation
OWASP Cheat Sheet Series
Required Software Installation
OWASP ZAP
Damn Vulnerable Web Application (DVWA)
Github Cheat Sheet
Class Administration
Case Studies & Group Project
Week 1: Taaruf
Week 2: Introduction to Web Application Security
Handout - Introduction to Web Application Security
Class Activity - OSI Layers
Forum - Introduction to Web Security
Week 3: Security Fundamentals
Handout - Security Fundamentals
Class Activity - Reservation Form
Class Assignment - Input Validation (Client & Server Side)
Forum - Security Fundamentals
Week 4: Authentication
Handout - Authentication
Setting Up Basic Authentication - Linux
Setting Up Basic Authentication - Windows
Class Activity - Authentication
Class Assignment - Authentication
Forum - Authentication
Quiz 1
Quiz 1 (Week 2, 3 & 4)
Week 5: Authorization
Handout - Authorization Part 1
Authorization Layers
Class Activity - Authorization
TOCTOU Exploit Analogy
TOCTOU Mitigation
Handout - Authorization Part 2
Class Activity - Session Management
HttpOnly and Secure Cookies
Class Activity - SSL & HTTPS Implementation
Class Assignment - Authorization
Forum - Authorization
Case Study 1
Case Study Instructions
OWASP ZAP Getting Started
Weekly Progress Report
Case Study Submission
Case Study Peer Evaluation
Case Study Forum
Week 6 - 8: Browser Security Principles
Handout - The Same Origin Policy
Same Origin Policy - Check Your Understanding
Handout - Cross-Site Scripting (XSS)
Class Activity - CSP Bypass
Class Activity - JavaScript Attacks
Class Activity - XSS
Handout - Cross-Site Request Forgery (CSRF)
Class Activity - CSRF (Low, Medium & High Security Level)
Class Activity - CSRF (High Security Level)
Class Assignment - XSS & CSRF
Forum - Browser Security Principles
Quiz 2
Quiz 2 (Week 5 - 8)
Week 9: Database Security Principles
Database Security Principles
Class Activity - SQL Injection
Class Activity - Command Injection
Forum - Database Security Principles
Week 10: File Security Principles
Handout - File Security Principles
Class Activity - File Upload Attack
Class Activity - File Inclusion Attack
Class Activity - Directory or Path Traversal Attack
.htaccess Configuration
Forum - File Security Principles
Quiz 3
Quiz 3 - Week 9 - 10
Week 11: Secure Development Methodologies
Handout - Secure Development Methodologies
Security Guidelines for Laravel Application Development
PHP Security Guidelines
Forum - Secure Development Methodologies
OWASP Guidelines for Web Frameworks
Case Study 2
Web Application Security Exam
Week 13 - Examination Week: Final Assessment (Group Project)
Session 2023/2024 Semester 2
INFORMATION & COMMUNICATION TECHNOLOGY
INFO 4345 SEM2
Summary
SEM2 INFO 4345 WEB APPLICATION SECURITY
Web Application Security Fundamentals.
Instructor: MUHAMAD SADRY ABU SEMAN 4621
Skill Level: Beginner