Computer Engineering BA (B), Web Application Security, 7.5 Credits
Please note that the literature can be changed/revised until:
• June 1 for a course that starts in the autumn semester
• November 15 for a course that starts in the spring semester
• April 1 for a course that starts in the summer
Syllabus:
Datateknik GR (B), Webbapplikationssäkerhet, 7,5 hp
Computer Engineering BA (B), Web Application Security, 7.5 Credits
General data
- Code: DT144G
- Subject/Main field: Computer Engineering
- Cycle: First cycle
- Progression: (B)
- Credits: 7,5
- Progressive specialization: G1F - First cycle, has less than 60 credits in first-cycle course/s as entry requirements
- Education area: Technology 100%
- Answerable faculty: Faculty of Science, Technology and Media
- Answerable department: Department of Information Technology and Media
- Approved: 2012-06-04
- Date of change: 2013-05-14
- Version valid from: 2013-07-31
Aim
The course is a preparatory course for development of secure web applications, to give an awareness of the need for security in web applications. The course covers the most frequent attacks against web applications and methods of preventing these attacks.
Course objectives
After passing the course the student shall be able to:
- state the most common attacks against web applications,
- explain how these attacks work,
- apply methods for preventing these attacks in web applications, and
- audit application code to find security flaws.
Content
1) Injection,
2) Broken Authentication and Session Management,
3) Cross-Site Scripting (XSS),
4) Insecure Direct Object References,
5) Security Misconfiguration,
6) Sensitive Data Exposure,
7) Missing Function Level Access Control,
8) Cross-Site Request Forgery (CSRF),
9) Using Components with Known Vulnerabilities,
10) Unvalidated Redirects and Forwards.
Entry requirements
Computer Engineering, 30 Credits, including the courses Web Development II and Databases - Modelling and Implementing.
Selection rules and procedures
The selection process is in accordance with the Higher Education Ordinance and the local order of admission.
Teaching form
Teaching is through lectures and individual work in the form of a project. The project is worked on during the entire course and is presented both orally and in writing at the end of the course.
Examination form
0.0 hp, I101: Introductory assignment
Grades: Pass or Fail.
6.0 hp, P101: Project, written and oral presentation.
Grades: A, B, C, D, E, Fx and F. A-E are passing grades, Fx and F are failing grades.
1.5 hp, G101: Audit, written and oral presentation.
Grades: Pass or Fail.
Mandatory attendance at the presentations of projects and audits.
Grading criteria for the subject can be found at www.miun.se/en/Student/Services/Grading-Criteria.
Grading system
Seven-grade scale, A, B, C, D, E, Fx and F. Fx and F represent fail levels.
Other information
The student must have a headset with earphones and a microphone as well as a webcam.
A student who does not complete I101 Introductory assignment within three weeks from course start will lose his or her place as the university will deregister said student from the course.
Course reading
Required literature
- Author: The Open Web Application Security Project
- Title: OWASP Top 10 - 2013: The Ten Most Critical Web Application Security Risks
- URL: https://www.owasp.org/