CENG0034 Web Application Security

6 ECTS - 3-0 Duration (T+A)- . Semester- 3 National Credit

Information

Code CENG0034
Name Web Application Security
Term 2022-2023 Academic Year
Term Spring
Duration (T+A) 3-0 (T-A) (17 Week)
ECTS 6 ECTS
National Credit 3 National Credit
Teaching Language İngilizce
Level Yüksek Lisans Dersi
Type Normal
Mode of study Yüz Yüze Öğretim
Catalog Information Coordinator
Course Instructor
1


Course Goal / Objective

This course involves the security methods applied to websites, web applications, and web services. The course focuses on how to develop and maintain secure web applications by applying security principles and techniques.

Course Content

Users tracking/profiling. Privacy preserving. User authentication and session management. Web environment security: secure set-up of web servers and firewalling. SQL injection. Cross-site scripting (XSS). Cross-site request forgery (CSFR). Secure HTTP (HTTPS): goals and pitfalls. Internet e-mail: MIME and PGP, phishing, spamming & spoofing. Secure e-payment systems for websites. Cloud computing and security. Web DDoS attacks and prevention. XML security. AJAX and web services security. Security concepts of PHP vs. java servlets. Security concepts of java server pages and java server faces. Recent attack trends and cutting-edge web security

Course Precondition

There are no prerequisites.

Resources

1. Hanqing W. Web Security, CRC Press, 2015, ISBN: 978-1466592612

Notes

2. Harwood, M., Goncalves, M., and Pemble, M. Security Strategies in Web Applications and Social Networking (Information Systems Security & Assurance), 2010. ISBN: 9780763791957 3. Bruce W. Perry, “Java Servlet & JSP Cookbook”. O’Reilly Media, 2004


Course Learning Outcomes

Order Course Learning Outcomes
LO01 Ability to describe web-based applications and associated threats and differentiate from mainframe, client-server applications
LO02 Ability to evaluate web application security vulnerabilities and take countermeasures
LO03 Ability to detect and mitigate Web DDoS attacks
LO04 Ability to understand the role of secure web-based applications in e-commerce transactions
LO05 Ability to describe the security concepts of PHP, java servlets, java server pages and java server faces
LO06 Ability to describe recent web attack trends and cutting-edge web security


Relation with Program Learning Outcome

Order Type Program Learning Outcomes Level
PLO01 Bilgi - Kuramsal, Olgusal On the basis of the competencies gained at the undergraduate level, it has an advanced level of knowledge and understanding that provides the basis for original studies in the field of Computer Engineering. 3
PLO02 Bilgi - Kuramsal, Olgusal By reaching scientific knowledge in the field of engineering, he/she reaches the knowledge in depth and depth, evaluates, interprets and applies the information. 3
PLO03 Yetkinlikler - Öğrenme Yetkinliği Being aware of the new and developing practices of his / her profession and examining and learning when necessary. 4
PLO04 Yetkinlikler - Öğrenme Yetkinliği Constructs engineering problems, develops methods to solve them and applies innovative methods in solutions. 4
PLO05 Yetkinlikler - Öğrenme Yetkinliği Designs and applies analytical, modeling and experimental based researches, analyzes and interprets complex situations encountered in this process. 5
PLO06 Yetkinlikler - Öğrenme Yetkinliği Develops new and / or original ideas and methods, develops innovative solutions in system, part or process design. 5
PLO07 Beceriler - Bilişsel, Uygulamalı Has the skills of learning. 4
PLO08 Beceriler - Bilişsel, Uygulamalı Being aware of new and emerging applications of Computer Engineering examines and learns them if necessary. 3
PLO09 Beceriler - Bilişsel, Uygulamalı Transmits the processes and results of their studies in written or oral form in the national and international environments outside or outside the field of Computer Engineering. 3
PLO10 Beceriler - Bilişsel, Uygulamalı Has comprehensive knowledge about current techniques and methods and their limitations in Computer Engineering. 4
PLO11 Beceriler - Bilişsel, Uygulamalı Uses information and communication technologies at an advanced level interactively with computer software required by Computer Engineering. 2
PLO12 Bilgi - Kuramsal, Olgusal Observes social, scientific and ethical values in all professional activities.


Week Plan

Week Topic Preparation Methods
1 Introduction to Web Application Security Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
2 Browser security: attack to browsers, users tracking/profiling, privacy preserving, anonymity, secure browsing Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
3 User Authentication and Session Management Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
4 Web Environment Security: Secure set-up of web servers and firewalling Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
5 Website Attacks: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSFR) Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
6 Secure HTTP (HTTPS): Goals and Pitfalls Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
7 Internet E-Mail: MIME and PGP, phishing, spamming & spoofing, e-mail forensics Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
8 Mid-Term Exam Ölçme Yöntemleri:
Yazılı Sınav
9 Secure E-Payment Systems for Websites Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
10 Cloud Computing and Security Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
11 Web DDoS Attacks and Prevention Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
12 Security in parsing of XML data, XML injection Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
13 AJAX and Web Services (SOAP and REST) Security Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
14 Security Concepts of Java Servlets, Java Server Pages and Java Server Faces Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
15 Recent Attack Trends and Cutting-Edge Web Security Reading related chapter in lecture notes Öğretim Yöntemleri:
Anlatım
16 Term Exams Ölçme Yöntemleri:
Yazılı Sınav
17 Term Exams Ölçme Yöntemleri:
Yazılı Sınav


Student Workload - ECTS

Works Number Time (Hour) Workload (Hour)
Course Related Works
Class Time (Exam weeks are excluded) 14 3 42
Out of Class Study (Preliminary Work, Practice) 14 5 70
Assesment Related Works
Homeworks, Projects, Others 0 0 0
Mid-term Exams (Written, Oral, etc.) 1 15 15
Final Exam 1 30 30
Total Workload (Hour) 157
Total Workload / 25 (h) 6,28
ECTS 6 ECTS

Update Time: 19.11.2022 12:53