WEB-Resource Security

Major: Management of Information Security
Code of subject: 7.125.03.O.001
Credits: 4.00
Department: Information Security
Lecturer: PhD Lakh Yuriy Volodymyrovych
Semester: 1st semester
Mode of study: full-time
Learning outcomes:
Understand:
• the architecture of web application protocols (HTTP, SOAP, etc.), common vulnerabilities and weaknesses, and open vulnerability databases
• security aspects of using the PHP, JavaScript, SQL and other languages
• web authentication mechanisms and techniques for authentication bypass
• application coding errors (SQL injection, cross-site scripting (XSS) attacks, etc.)
• existing vulnerabilities of web resources (SQL injection, brute force, XSS, etc.) and how to deal with them at the design stage and during operation; design patterns for secure web applications
• XSS attacks, SQL injection and inclusion vulnerabilities, and how to resolve them; the security architecture typical for web services
• OWASP
Ability to:
• protect web services against cyber attacks, applying OWASP
• perform research on the information security of client-server systems
• protect clients and servers on web platforms
Required prior and related subjects: • Internet work • Web programming • Programming Technologies
Summary of the subject: The purpose of the course is to provide knowledge of web security. Students will obtain practical skills in the architecture of web application protocols, vulnerability databases, security aspects of the PHP, JavaScript and SQL languages, web authentication mechanisms and techniques for authentication bypass, attack modelling and risk evaluation, and IDS and IPS systems.
Assessment methods and criteria: • oral examination, homework, control work, assessment of student activity during the course (50%) • final control (50%): a test in written-oral form
Recommended books:
1. Ogletree T. Upgrading and Repairing Networks. 4th ed. Moscow: Williams Publishing House, 2005. 1328 pp.
2. Olifer V.G., Olifer N.A. Computer Networks: Principles, Technologies, Protocols. A textbook for universities. 4th ed. St. Petersburg: Piter, 2010. 944 pp.
3. D. Gourley, B. Totty. HTTP: The Definitive Guide. O'Reilly Media, Inc., 2002.
4. D. Stuttard, M. Pinto. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. John Wiley & Sons, Inc., 2011.
5. Web Application Security Consortium, "Web Security Threat Classification v2.0", http://projects.webappsec.org/f/WASC-TC-v2_0.pdf
6. Web Application Security Consortium, "Web Security Threat Classification v1.0", http://projects.webappsec.org/Threat-Classification