Computer Engineering BA (B), Web Application Security, 7.5 Credits

Please note that the literature can be changed/revised until:
• June 1 for a course that starts in the autumn semester
• November 15 for a course that starts in the spring semester
• April 1 for a course that starts in the summer




Syllabus:
Datateknik GR (B), Webbapplikationssäkerhet, 7,5 hp (Swedish title)
Computer Engineering BA (B), Web Application Security, 7.5 Credits

General data

  • Code: DT144G
  • Subject/Main field: Computer Engineering
  • Cycle: First cycle
  • Progression: (B)
  • Credits: 7.5
  • Progressive specialization: G1F - First cycle, has less than 60 credits in first-cycle course/s as entry requirements
  • Education area: Technology 100%
  • Answerable faculty: Faculty of Science, Technology and Media
  • Answerable department: Department of Information and Communication Systems
  • Approved: 2012-06-04
  • Date of change: 2013-12-21
  • Version valid from: 2014-01-20

Aim

The course prepares students for the development of secure web applications by giving an awareness of the need for security in web applications. It covers the most frequent attacks against web applications and methods of preventing these attacks.

Course objectives

After passing the course the student shall be able to:
- state the most common attacks against web applications,
- explain how these attacks work,
- apply methods for preventing these attacks in web applications, and
- audit application code to find security flaws.

Content

1) Injection,
2) Broken Authentication and Session Management,
3) Cross-Site Scripting (XSS),
4) Insecure Direct Object References,
5) Security Misconfiguration,
6) Sensitive Data Exposure,
7) Missing Function Level Access Control,
8) Cross-Site Request Forgery (CSRF),
9) Using Components with Known Vulnerabilities,
10) Unvalidated Redirects and Forwards.

Entry requirements

Computer Engineering, 30 Credits, including the courses Web Development II and 7.5 credit Databases.

Selection rules and procedures

The selection process is in accordance with the Higher Education Ordinance and the local order of admission.

Teaching form

Teaching is through lectures and individual work in the form of a project. The project is worked on during the entire course and is presented both orally and in writing at the end of the course.

Examination form

0.0 hp, I101: Introductory assignment
Grades: Pass or Fail.

6.0 hp, P101: Project, written and oral presentation.
Grades: A, B, C, D, E, Fx and F. A-E are passing grades, Fx and F are failing grades.

1.5 hp, G101: Audit, written and oral presentation.
Grades: Pass or Fail.

Mandatory attendance at the presentations of projects and audits.

Grading criteria for the subject can be found at www.miun.se/en/Student/Services/Grading-Criteria.

Grading system

Seven-grade scale, A, B, C, D, E, Fx and F. Fx and F represent fail levels.

Other information

The student must have a headset with earphones and a microphone as well as a webcam.

A student who does not complete I101 Introductory assignment within three weeks from course start will lose his or her place, as the university will deregister said student from the course.

Course reading


Required literature

  • Author: The Open Web Application Security Project
    Title: OWASP Top 10 - 2013: The Ten Most Critical Web Application Security Risks
    URL: https://www.owasp.org/

  • Author: Matteo Meucci, Eoin Keary, Daniel Cuthbert
    Title: OWASP Testing Guide
    Edition: 3.0, 2008
    Publisher: The Open Web Application Security Project
    URL: https://www.owasp.org/

  • Author: Kazerooni, Sahba; Cuthbert, Daniel; van der Stock, Andrew; Raja, Krishna
    Title: OWASP Application Security Verification Standard 2013
    Edition: 2.0, 2013
    Publisher: The Open Web Application Security Project
    URL: https://www.owasp.org/

  • Author: Anderson, Ross
    Title: Security Engineering: A Guide to Building Dependable Distributed Systems
    Edition: 2
    Publisher: Wiley
    URL: http://www.cl.cam.ac.uk/~rja14/book.html

  • Author: Adrian Wiesmann, Mark Curphey, Andrew van der Stock, Ray Stirbei
    Title: A Guide to Building Secure Web Applications and Web Services
    Edition: 2005
    Publisher: The Open Web Application Security Project
    URL: https://www.owasp.org/


The page was updated 10/14/2024