The students know the most important vulnerabilities of Web sites on the Internet, both for the sites themselves and for their users. They have an overview of the possible measures to prevent such vulnerabilities. They can name most of the basic vulnerabilities and explain what they consist of.
Content of the course
Web Protocols
Presentation of the HyperText Transfer Protocol (HTTP)
Request/Response, HTTP-Headers, GET vs. POST
SSL, HTTPS Certificates, Double Authentication
Presentation of the most common vulnerabilities of Internet Web sites (the OWASP Top 10).
Cross-Site Scripting (XSS)
Injection Flaws
Malicious File Execution
Insecure Direct Object Reference
Cross-Site Request Forgery (CSRF)
Information Leakage and Improper Error Handling
Broken Authentication and Session Management
Insecure Cryptographic Storage
Insecure Communications
Failure to Restrict URL Access
Methodology of Web site testing and auditing.
Each chapter consists of a theoretical part and a practical part. In the practical part, the students try out the different techniques presented during the course on an example application.
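As an illustration of the kind of exercise the practical part involves, here is a self-contained example of one item from the list above, the injection flaw. It is an added example written for this page, not material from the course or from OWASP. It uses an in-memory SQLite database with one constructed user record (the table, the user name and the password are invented for the demonstration) and compares a login check built by string concatenation with the same check using a parameterized query.

```python
import sqlite3

# Constructed demonstration data: one user in an in-memory database.
# A real application would store a password hash, not the password itself
# (that is the "Insecure Cryptographic Storage" item of the list above).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the SQL text by concatenating user input: the classic injection flaw.

    Whatever the user types becomes part of the query grammar, so a quote
    character lets the user rewrite the WHERE clause.
    """
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same check with bound parameters: input is passed as data, never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Two textbook payloads. The first turns the condition into
#   (username = 'alice' AND password = '') OR '1'='1'
# which is always true; the second comments out the password check entirely.
TAUTOLOGY_PAYLOAD = "' OR '1'='1"
COMMENT_PAYLOAD = "alice'--"


def demo() -> dict:
    """Runs both login checks against legitimate and malicious input."""
    conn = make_db()
    results = {
        "vulnerable_legit": login_vulnerable(conn, "alice", "correct horse battery staple"),
        "vulnerable_wrong": login_vulnerable(conn, "alice", "wrong"),
        "vulnerable_tautology": login_vulnerable(conn, "alice", TAUTOLOGY_PAYLOAD),
        "vulnerable_comment": login_vulnerable(conn, COMMENT_PAYLOAD, "anything"),
        "safe_legit": login_safe(conn, "alice", "correct horse battery staple"),
        "safe_wrong": login_safe(conn, "alice", "wrong"),
        "safe_tautology": login_safe(conn, "alice", TAUTOLOGY_PAYLOAD),
        "safe_comment": login_safe(conn, COMMENT_PAYLOAD, "anything"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22s} -> {'login accepted' if outcome else 'login rejected'}")
```

Both payloads are accepted by the concatenating version and rejected by the parameterized one; the point of the exercise is that the fix is not to filter quote characters but to stop mixing data into the query text at all.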
The student
Exam modalities
20% homework (in groups of up to 2 people)
80% exam
Prerequisite
The students must know the basic concepts of Web programming (HTML, forms, what JavaScript is). They must also have already used one programming language or framework specific to the Web (PHP, ASP.NET, Java Servlets, etc.).
Literature
The following books can be bought, but are also freely available for download. They are published by the Open Web Application Security Project (OWASP).