Attacks on web applications and associated protection methods

Undergraduate course

Course description

Objectives and Content

Objectives

The course goal is to study the most common weaknesses and attacks on web applications and to learn best practices for secure web development. We will also investigate how to use some popular tools for automated security testing of web applications. We study basics of important application security standards and verification techniques. The course will contribute to a better understanding of web security risks and how to counter them.

Content

OWASP Methodology and Top 10 project

Common attacks on web applications

  • Code injection with SQL and XPath injections as an example
  • Cross-Site Scripting
  • Misuse of authentication and session management failures
  • File inclusion

Tools

Use some vulnerability scanners and penetration testing tools, running them against a deliberately vulnerable application such as DVWA.

Learning Outcomes

On completion of the course the student should have the following learning outcomes, defined in terms of knowledge, skills and general competence:

Knowledge

The student knows

  • most common threats to web applications and possible consequences
  • basic techniques and tools for attacks on web applications, and the legal and ethical implications of using these tools
  • important application security standards and verification techniques

Skills

The student can

  • identify potential vulnerabilities to classical web attacks and suggest relevant countermeasures
  • use some tools for web application security testing
  • use and promote secure development practices

General competence

The student can explain security-related issues to a non-technical audience, suggest security solutions and argue for them.

ECTS Credits

2,5 ECTS

Semester of Instruction

Autumn and spring

Required Previous Knowledge

None

Recommended Previous Knowledge

Computer networks, SQL, databases.

Credit Reduction due to Course Overlap

Reduction of 2,5 ECTS against the following courses: INF140, INF226.

Access to the Course

Entry to this course requires admission through UiB Videre.

Teaching and learning methods

The teaching methods are organized as online teaching and digital learning resources.

Compulsory Assignments and Attendance

Assessment in this course is carried out through compulsory quizzes and/or assignments on key topics. Compulsory quizzes and activities are only valid for one semester (i.e. the teaching semester).

Forms of Assessment

The course is passed when all the obligatory work is completed and approved by the course instructor.

Grading Scale

Pass/Fail

Assessment Semester

Examination only in the teaching semester
Reading List

The reading list will be available by June 1st for the autumn semester and December 1st for the spring semester.

Course Evaluation

The course will be evaluated by the students in accordance with the quality assurance system at UiB and the department.

Programme Committee

The Programme Committee is responsible for the content, structure and quality of the study programme and courses.
Course Coordinator

The course coordinator and administrative contact person can be found on MittUiB, or contact studierettleiar@ii.uib.no

Course Administrator

The Faculty of Science and Technology and the Department of Informatics are responsible for the programme and the course.