Course Unit Title | Course Unit Code | Type of Course Unit | Level of Course Unit | Year of Study | Semester | ECTS Credits |
---|---|---|---|---|---|---|
Web Application Security | TBL462 | Elective | Bachelor's degree | 4 | Fall | 5 |
Associate Prof. Dr. Serdar SOLAK
Assistant Prof. Dr. Önder YAKUT
Lecturer Uğur YILDIZ
1) Recognize common risks and security vulnerabilities of web applications.
2) Recognize the weaknesses of avoidance strategies and techniques.
3) Use current web application technologies in a secure way.
4) Integrate security features into web applications.
5) Perform security check of web applications, analyze and interpret the results.
6) Use the necessary techniques and tools for web application security.
Learning Outcomes \ Program Competencies | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |
---|---|---|---|---|---|---|---|---|---|---|---|
1 | Low | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation |
2 | No relation | Middle | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation |
3 | No relation | No relation | High | No relation | No relation | No relation | No relation | No relation | No relation | No relation | No relation |
4 | No relation | No relation | No relation | Middle | No relation | No relation | No relation | Low | Low | No relation | No relation |
5 | No relation | No relation | No relation | Middle | No relation | High | High | No relation | No relation | No relation | No relation |
6 | No relation | No relation | No relation | Middle | No relation | No relation | No relation | No relation | No relation | No relation | No relation |
Face to Face
None
Not Required
Introduction to web application security: defense mechanisms, web application technologies. Application mapping and bypassing client-side controls. Authentication attacks. Session management and access control. Database injection attacks. Back-end component attacks. Attacks on application logic. User attacks. Automating customized attacks and data spoofing attacks. Attacks on application architecture and application server. Web application security testing tools: setting up a virtual lab and toolkit.
1- Stuttard, D., & Pinto, M. (2016). The web application hacker's handbook: discovering and exploiting security flaws, second edition. John Wiley & Sons.
2- Scambray, J., Shema, M., & Sima, C. (2010). Hacking exposed: web applications, third edition. San Francisco: McGraw-Hill.
3- Zalewski, M. (2012). The Tangled Web: A Guide to Securing Modern Web Applications. No Starch Press.
1) Lecture
2) Question-Answer
3) Discussion
4) Drill and Practice
5) Modelling
6) Simulation
7) Case Study
8) Lab / Workshop
9) Self Study
10) Problem Solving
11) Project Based Learning
Contribution of Project to Course Grade | 60% |
---|---|
Contribution of Final Examination to Course Grade | 40% |
Total | 100% |
Turkish
Not Required