Web Application Security Syllabus


JCB1702 WEB APPLICATION SECURITY

L T P C
3 0 0 3

COURSE OBJECTIVES
• To reveal the underlying in web application.
• To identify and aid in fixing any security vulnerabilities during the web development process.
• To understand the security principles in developing a reliable web application.
• To learn about different industry tools in web security.
• To understand about various testing and security.

PREREQUISITE:

• Web Technology

UNIT I INTRODUCTION TO WEB APPLICATIONS

History of web applications interface - Web application Vs Cloud application - Security
Fundamentals - Input Validation - Attack Surface Reduction Rules of Thumb - Classifying and
Prioritizing Threats

UNIT II WEB APPLICATION SECURITY FUNDAMENTALS

Origin Policy - Exceptions to the Same- Cross-Site Scripting and Cross-Site Request Forgery –
Reflected XSS - HTML Injection

UNIT III WEB APPLICATION VULNERABILITIES

Vulnerabilities in traditional client server application and web applications - client state manipulation -
cookie based attacks - SQL injection - cross domain attack (XSS/XSRF/XSSI) - HTTP header injection -
SSL vulnerabilities and testing - Proper encryption use in web application - Session vulnerabilities and
testing - Cross-site request forgery.

UNIT IV WEB APPLICATION MITIGATIONS 9

HTTP request - HTTP response, rendering and events - HTML image tags - Image tag security - Issue -
JavaScript on error - JavaScript timing - Port scanning - Remote scripting - Running remote code -
frame and iframe - Browser sandbox - policy goals, same origin policy - Library import - Domain
relaxation

UNIT V SECURE WEBSITE DESIGN 9

Introduction - Architecture and Design Issues for Web Applications - Deployment Considerations -
Input Validation - Authentication - Authorization - Configuration Management - Sensitive Data
- Session Management - Cryptography - Parameter Manipulation - Exception Management.

TOTAL: 45 PERIODS

COURSE OUTCOMES:
At the end of the course, the student should be able to:
• Identify the vulnerabilities in the web applications.
• Identify the various types of threats and mitigation measures of web applications.
• Apply the security principles in developing a reliable web application.
• Use industry standard tools for web application security.
• Apply penetration testing to improve the security of web application.

TEXT BOOKS:
• Sullivan, Bryan, and Vincent Liu. Web Application Security, A Beginner's Guide. McGraw Hill Professional, 2011.
• Stuttard, Dafydd, and Marcus Pinto. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. John Wiley & Sons, 2011.

REFERENCES:
1. Behrouz A. Forouzan, Debdeep Mukhopadhyay, "Cryptography and Network Security", 3rd Edition, Tata McGraw Hill, 2015.
2. Charles Pfleeger, Shari Pfleeger, Jonathan Margulies, "Security in Computing", Fifth Edition, Prentice Hall, New Delhi, 2015.

WEB REFERENCES:
• Web Application Security [Book] (oreilly.com)
• Web Application Security: Exploitation and Countermeasures for Modern Web ... - Andrew Hoffman - Google Books
• amazon.com/Web-Application-Security-Beginners-Guide/dp/0071776168
• https://www.garykessler.net/library/crypto.html
• https://www.cryptomathic.com/news-events/blog/summary-of-cryptographic-algorithms-according-to-nist

CO-PO MAPPINGS:

CO\PO  PO1  PO2  PO3  PO4  PO5  PO6  PO7  PO8  PO9  PO10  PO11  PO12
CO-1   2    -    2    2    -    -    1    -    -    1     2     1
CO-2   2    2    2    2    2    -    -    -    -    2     1     1
CO-3   2    2    2    2    1    -    2    -    -    -     -     2
CO-4   2    -    -    2    -    -    1    -    -    1     2     1
CO-5   2    1    2    2    2    -    2    -    -    1     1     2
Avg    2    1    2    2    1    -    1    -    -    1     1     1
