Computer Engineering BA (B), Web Application Security, 7.5 Credits

Please note that the literature can be changed/revised until: 
• June 1 for a course that starts in the autumn semester
• November 15 for a course that starts in the spring semester
• April 1 for a course that starts in the summer 



Syllabus:
Datateknik GR (B), Webbapplikationssäkerhet, 7,5 hp
Computer Engineering BA (B), Web Application Security, 7.5 Credits

General data

  • Code: DT144G
  • Subject/Main field: Computer Engineering
  • Cycle: First cycle
  • Progression: (B)
  • Credits: 7.5
  • Progressive specialization: G1F - First cycle, has less than 60 credits in first-cycle course/s as entry requirements
  • Education area: Technology 100%
  • Answerable faculty: Faculty of Science, Technology and Media
  • Answerable department: Information Systems and Technology
  • Approved: 2012-06-04
  • Date of change: 2018-03-11
  • Version valid from: 2017-01-01

Aim

The course prepares students for the development of secure web applications and gives an awareness of the need for security in web applications. It covers the most frequent attacks against web applications and methods of preventing these attacks.

Course objectives

After passing the course the student shall be able to:
- state the most common attacks against web applications,
- explain how these attacks work,
- apply methods for preventing these attacks in web applications, and
- audit application code to find security flaws.

Content

1) Injection,
2) Broken Authentication and Session Management,
3) Cross-Site Scripting (XSS),
4) Insecure Direct Object References,
5) Security Misconfiguration,
6) Sensitive Data Exposure,
7) Missing Function Level Access Control,
8) Cross-Site Request Forgery (CSRF),
9) Using Components with Known Vulnerabilities,
10) Unvalidated Redirects and Forwards.

Entry requirements

Computer Engineering, 30 Credits, including the courses Web Development II and 7.5 credit Databases.

Selection rules and procedures

The selection process is in accordance with the Higher Education Ordinance and the local order of admission.

Teaching form

Teaching is through lectures and individual work in the form of a project. The project is worked on during the entire course and is presented both orally and in writing at the end of the course.

Examination form

G102: Audit, written and oral presentation, 1.5 Credits
Grade scale: Seven-grade scale, A, B, C, D, E, Fx and F. Fx and F represent fail levels.

I102: Introductory assignment
Grade scale: Fail (U) or Pass (G)

P102: Project, written and oral presentation, 6 Credits
Grade scale: Seven-grade scale, A, B, C, D, E, Fx and F. Fx and F represent fail levels.

0.0 credits, I102: Introductory assignment
Grades: Pass or Fail.

6.0 credits, P102: Project, written and oral presentation.
Grades: A, C, E, Fx and F, where A-E are passing grades, Fx and F are failing grades.

1.5 credits, G102: Audit, written and oral presentation.
Grades: A, C, E, Fx and F, where A-E are passing grades, Fx and F are failing grades.

Mandatory attendance at the presentations of projects and audits.

The final grade is based on P102 together with G102 and is given in the scale A, B, C, D, E for passing grades and Fx, F for failing grades. Grading criteria for the subject can be found at www.miun.se/en/Student/Services/Grading-Criteria.

Transitional rules

Students registered on this version of the syllabus have the right to be examined 3 times within 1 year according to the stated examination forms. Thereafter, the examination form according to the most recently valid version of the syllabus applies.

Grading system

Seven-grade scale, A, B, C, D, E, Fx and F. Fx and F represent fail levels.

Other information

The student must have a headset with earphones and a microphone as well as a webcam.

A student who does not complete I101 Introductory assignment within three weeks from course start will lose his or her place, as the university will deregister said student from the course.

Course reading


Required literature

  • Author: The Open Web Application Security Project
  • Title: OWASP Top 10 - 2013: The Ten Most Critical Web Application Security Risks
  • URL: https://www.owasp.org/
  • Author: Dieter Gollmann
  • Title: Computer Security
  • Edition: 3, 2011
  • Publisher: Wiley
  • Author: Anderson, Ross
  • Title: Security engineering: a guide to building dependable distributed systems
  • Edition: 2
  • Publisher: Wiley
  • URL: http://www.cl.cam.ac.uk/~rja14/book.html


The page was updated 10/14/2024