TÜRKÇE
ENGLISH
Information
| Code | ABL1501 |
| Name | Web Application Security |
| Term | 2024-2025 Academic Year |
| Semester | . Semester |
| Duration (T+A) | 3-0 (T-A) (17 Week) |
| ECTS | 5 ECTS |
| National Credit | 3 National Credit |
| Teaching Language | Türkçe |
| Level | Yüksek Lisans Dersi |
| Type | Normal |
| Mode of study | Yüz Yüze Öğretim |
| Catalog Information Coordinator |
Course Goal / Objective
This course involves the security methods applied to websites web applicatiions and web services The course focuses on how to develop and maintain secure web applications by applying security principles and techniques.
Course Content
Users tracking/profiling. Privacy preserving. User authentication and session management. Web environment security: secure set-up of web servers and firewalling. SQL injection. Cross-site scripting (XSS). Cross-site request forgery (CSFR). Secure HTTP (HTTPS): goals and pitfalls. Internet e-mail: MIME and PGP, phishing, spamming & spoofing. Secure e-payment systems for websites. Cloud computing and security. Web DDoS attacks and prevention. XML security. AJAX and web services security. Security concepts of PHP vs. java servlets. Recent attack trends and cutting-edge web security.
Course Precondition
There are no prerequisites.
Resources
1. William Stallings , “Network Security Essentials”, 5th Edition, 2014
Notes
2. Kaufman, Perlman, and Speciner, “Network Security: Private Communication in a Public World”, 2nd Edition, 2002 3. Wu and Irwin, “Introduction to Computer Networks and Cybersecurity”, 2013
Course Learning Outcomes
| Order | Course Learning Outcomes |
|---|---|
| LO01 | Ability to describe web-based applications and associated threats and differentiate from mainframe, client-server applications. |
| LO02 | Ability to evaluate web application security vulnerabilities and take countermeasures |
| LO03 | Ability to detect and mitigate Web DDoS attacks |
| LO04 | Ability to understand the role of secure web-based applications in e-commerce transactions |
| LO05 | Ability to describe the security concepts of PHP |
| LO06 | Ability to describe recent web attack trends and cutting-edge web security |
Relation with Program Learning Outcome
| Order | Type | Program Learning Outcomes | Level |
|---|---|---|---|
| PLO01 | Bilgi - Kuramsal, Olgusal | Knows current concepts in the field of Forensic Sciences. | 4 |
| PLO02 | Bilgi - Kuramsal, Olgusal | Comprehends the relations between the areas of Forensic Sciences. | 4 |
| PLO03 | Bilgi - Kuramsal, Olgusal | Comprehends the importance of ethical principles and ethical committees for the individual and society. | 3 |
| PLO04 | Bilgi - Kuramsal, Olgusal | Knows the concept of expertise and forensic procedural approach. | |
| PLO05 | Bilgi - Kuramsal, Olgusal | Recognize the statistical methods that are frequently used in studies in the field of Forensic Sciences. | 4 |
| PLO06 | Bilgi - Kuramsal, Olgusal | Knows crime scene investigation and evidence collection procedures | 4 |
| PLO07 | Beceriler - Bilişsel, Uygulamalı | Interprets the knowledge gained in the field by integrating it with the knowledge from different disciplines. | |
| PLO08 | Beceriler - Bilişsel, Uygulamalı | Uses statistical software that is frequently used in the field of Forensic Sciences. | |
| PLO09 | Beceriler - Bilişsel, Uygulamalı | Uses the knowledge and research methods obtained in the field in solving forensic cases. | |
| PLO10 | Beceriler - Bilişsel, Uygulamalı | Takes responsibility by participating in teamwork | |
| PLO11 | Beceriler - Bilişsel, Uygulamalı | Develops solutions for solving complex problems that may be encountered in the field of Forensic Sciences. | 5 |
| PLO12 | Yetkinlikler - Bağımsız Çalışabilme ve Sorumluluk Alabilme Yetkinliği | Can lead in certain challenging Forensic circumstances include interdisciplinary ones. | 3 |
| PLO13 | Yetkinlikler - Bağımsız Çalışabilme ve Sorumluluk Alabilme Yetkinliği | Follow the scientific meetings and researches in forensic area. | 3 |
| PLO14 | Yetkinlikler - Alana Özgü Yetkinlik | Discusses current developments and studies with different groups in written, oral and visual formats. | |
| PLO15 | Yetkinlikler - Alana Özgü Yetkinlik | Uses current developments, information and practices in Forensic Sciences for the benefit of society. | 3 |
Week Plan
| Week | Topic | Preparation | Methods |
|---|---|---|---|
| 1 | Introduction to Web Application Security | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 2 | Browser security: attack to browsers, users tracking/profiling, privacy preserving, anonymity, secure browsing | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 3 | User Authentication and Session Management | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 4 | Web Environment Security: Secure set-up of web servers and firewalling | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 5 | Website Attacks: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSFR) | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 6 | Secure HTTP (HTTPS): Goals and Pitfalls | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 7 | Internet E-Mail: MIME and PGP, phishing, spamming & spoofing, e-mail forensics | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 8 | Mid-Term Exam | Reading resources on the topic | Ölçme Yöntemleri: Yazılı Sınav |
| 9 | Secure E-Payment Systems for Websites | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 10 | Cloud Computing and Security | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 11 | Web DDoS Attacks and Prevention | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 12 | Security in parsing of XML data, XML injection | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 13 | AJAX and Web Services (SOAP and REST) Security | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 14 | Security Concepts of PHP vs. Java Servlets | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 15 | Recent Topics in Web Security | Reading resources on the topic | Öğretim Yöntemleri: Anlatım, Soru-Cevap |
| 16 | Term Exams | Reading resources on the topic | Ölçme Yöntemleri: Yazılı Sınav |
| 17 | Term Exams | Reading resources on the topic | Ölçme Yöntemleri: Yazılı Sınav |
Student Workload - ECTS
| Works | Number | Time (Hour) | Workload (Hour) |
|---|---|---|---|
| Course Related Works | |||
| Class Time (Exam weeks are excluded) | 14 | 3 | 42 |
| Out of Class Study (Preliminary Work, Practice) | 14 | 3 | 42 |
| Assesment Related Works | |||
| Homeworks, Projects, Others | 0 | 0 | 0 |
| Mid-term Exams (Written, Oral, etc.) | 1 | 15 | 15 |
| Final Exam | 1 | 30 | 30 |
| Total Workload (Hour) | 129 | ||
| Total Workload / 25 (h) | 5,16 | ||
| ECTS | 5 ECTS | ||