The students know the most important vulnerabilities of Web sites on the Internet, both for the sites themselves and for their users. They have an overview of the possible measures to prevent such vulnerabilities. They can name most of the basic vulnerabilities and know what each one consists of.
Content of the course
Presentation of the HyperText Transfer Protocol (HTTP)
Request/Response, HTTP-Headers, GET vs. POST
SSL, HTTPS Certificates, Double Authentication
Presentation of the most common vulnerabilities of Web sites on the Internet (a.k.a. the OWASP Top 10).
Cross Site Scripting - XSS
Malicious File Execution
Insecure Direct Object Reference
Cross Site Request Forgery
Information Leakage and Improper Error Handling
Broken Authentication and Session Management
Insecure Cryptographic Storage
Failure to Restrict URL Access
Methodology of Web Site testing and auditing.
Each chapter consists of a theoretical part and a practical part. In the practical part, the students try out the techniques presented during the course on an example application.
Modalities of the Exam
20% for the homework (in groups of up to 2 people)
The following books can be bought, but are also freely available for download. They are part of the Open Web Application Security Project (OWASP).