Course Unit Title: Web Application Security
Course Unit Code: TBL462
Type of Course Unit: Elective
Level of Course Unit: Bachelor's degree
Year of Study: 4
Semester: Fall
ECTS Credits: 5

Name of Lecturer(s)

Associate Prof. Dr. Serdar SOLAK
Assistant Prof. Dr. Önder YAKUT
Lecturer Uğur YILDIZ

Learning Outcomes of the Course Unit

1) Recognize common risks and security vulnerabilities of web applications.
2) Recognize the weaknesses of avoidance strategies and techniques.
3) Use current web application technologies in a secure way.
4) Integrate security features into web applications.
5) Perform security checks of web applications, and analyze and interpret the results.
6) Use the necessary techniques and tools for web application security.

Program Competencies-Learning Outcomes Relation

Learning   Program Competencies
Outcome    1      2       3      4       5      6      7      8      9      10     11
1          Low    -       -      -       -      -      -      -      -      -      -
2          -      Middle  -      -       -      -      -      -      -      -      -
3          -      -       High   -       -      -      -      -      -      -      -
4          -      -       -      Middle  -      -      -      Low    Low    -      -
5          -      -       -      Middle  -      High   High   -      -      -      -
6          -      -       -      Middle  -      -      -      -      -      -      -

("-" = No relation)

Mode of Delivery

Face to Face

Prerequisites and Co-Requisites

None

Recommended Optional Programme Components

Not Required

Course Contents

Introduction to web application security: defense mechanisms and web application technologies. Application mapping and bypassing client-side controls. Authentication attacks. Session management and access control. Database attacks: injection. Back-end component attacks. Attacks on application logic. Attacks on users. Automating customized attacks and data spoofing attacks. Attacks on application architecture and the application server. Web application security testing tools: setting up a virtual lab and toolkit.

Weekly Schedule

1) Introduction to web application security: web application security and insecurity, basic defense mechanisms, current web application technologies
2) Authentication attacks and ways of protection
3) Session management and access control attacks
4) Database attacks and ways of protection: SQL, NoSQL, XPath and LDAP injection
5) Back-end component attacks and ways of protection: OS command, XML, HTTP and SMTP injection
6) Attacks on application logic and ways of protection
7) Attacks on users: Cross-site scripting and other techniques
8) Midterm exam
9) Spoofing attacks and ways of protection
10) Attacks on application architecture and ways of protection
11) Attacks on the application server
12) Validation of form entries in web applications
13) Web application security testing tools: setting up a virtual lab and toolkit
14) Web application security assessment and reporting
15) Automating custom attacks
16) Final exam

Recommended or Required Reading

1- Stuttard, D., & Pinto, M. (2016). The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws (2nd ed.). John Wiley & Sons.
2- Scambray, J., Shema, M., & Sima, C. (2010). Hacking Exposed: Web Applications (3rd ed.). San Francisco: McGraw-Hill.
3- Zalewski, M. (2012). The Tangled Web: A Guide to Securing Modern Web Applications. No Starch Press.

Planned Learning Activities and Teaching Methods

1) Lecture
2) Question-Answer
3) Discussion
4) Drill and Practice
5) Modelling
6) Simulation
7) Case Study
8) Lab / Workshop
9) Self Study
10) Problem Solving
11) Project Based Learning
Assessment Methods and Criteria

Contribution of Project to Course Grade

60%

Contribution of Final Examination to Course Grade

40%

Total

100%

Language of Instruction

Turkish

Work Placement(s)

Not Required