SSD4005:Advanced Web Security

DescriptionThe course will introduce advanced web application security with coverage of attacks and countermeasures. Topics include Cross Site Scripting, SQL Injection, and Session Security. More advanced web application vulnerabilities will be discussed including: Blind SQL injection, Flash Security, Authentication, Web Service, and XPath injection, back end components, application logic, customized attacks on web technologies. Most of the examples in the course will be introduced in PHP, MySQL, and Apache. Challenges will be provided on Virtual Machine for students to practice during the lab or work on them as assignments. Lecture: 2 hrs/week; tutorial: 2 hrs/week; Lab: 2 hrs/week.