Major: Cyber Security
Code of subject: 8.125.00.M.19
Credits: 3.00
Department: Information Security
Lecturer: Ph.D., Associate Professor Lakh Yu.V.
Semester: 3rd semester
Mode of study: full-time
Learning outcomes: As a result of studying the discipline, the student must be able to demonstrate the following learning outcomes: 1. Be able to apply the features of the architectural and structural organization and interaction of Web application components in terms of information security. 2. Be able to apply the security protocols and specifications used in Web applications. 3. Know and use languages and tools for developing dynamic Web applications, and eliminate vulnerabilities. 4. Make an informed choice of technologies and architectural solutions used in the development of Web applications. 5. Formulate and reasonably uphold the concept of information security of a Web resource during its development.
Required prior and related subjects: Computer processing of information with limited access
Summary of the subject: The discipline forms an understanding of the current level of common Web programming technologies and their classification, and gives practical skills in creating interactive applications. The course introduces the student to both the tools of Web programming security and networked computer information technology. It provides skills in applying various security tools and vulnerability assessment, including OWASP, when creating Web content, as well as skills in securing Web content by various means. It also provides skills in securing Web documents and in preventing SQL injection and XSS attacks.
Assessment methods and criteria: Current control: oral interview - 5; reporting on completed laboratory work - 25; assessment of student activity in the process of classes - 5. Examination control: written component - 45; oral component - 20.
Recommended books: 1. D. Gourley, B. Totty. HTTP: The Definitive Guide. O’Reilly Media, Inc., 2002. 2. D. Stuttard, M. Pinto. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. John Wiley & Sons, Inc., 2011. 3. Web Application Security Consortium. "Web Security Threat Classification v2.0". http://projects.webappsec.org/f/WASC-TC-v2_0.pdf 4. Web Application Security Consortium. "Web Security Threat Classification v1.0". http://projects.webappsec.org/Threat-Classification 5. https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 6. https://www.owasp.org/index.php/Types_of_Cross-Site_Scripting 7. http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting 8. https://en.wikipedia.org/wiki/Cross-site_scripting