TÜRKÇE
ENGLISH
Information
| Code | CENG0034 |
| Name | Web Application Security |
| Term | 2023-2024 Academic Year |
| Semester | . Semester |
| Duration (T+A) | 3-0 (T-A) (17 Week) |
| ECTS | 6 ECTS |
| National Credit | 3 National Credit |
| Teaching Language | İngilizce |
| Level | Yüksek Lisans Dersi |
| Type | Normal |
| Mode of study | Yüz Yüze Öğretim |
| Catalog Information Coordinator |
Course Goal / Objective
This course involves the security methods applied to websites, web applications, and web services. The course focuses on how to develop and maintain secure web applications by applying security principles and techniques.
Course Content
Users tracking/profiling. Privacy preserving. User authentication and session management. Web environment security: secure set-up of web servers and firewalling. SQL injection. Cross-site scripting (XSS). Cross-site request forgery (CSFR). Secure HTTP (HTTPS): goals and pitfalls. Internet e-mail: MIME and PGP, phishing, spamming & spoofing. Secure e-payment systems for websites. Cloud computing and security. Web DDoS attacks and prevention. XML security. AJAX and web services security. Security concepts of PHP vs. java servlets. Security concepts of java server pages and java server faces. Recent attack trends and cutting-edge web security
Course Precondition
There are no prerequisites.
Resources
1. Hanqing W. Web Security, CRC Press, 2015, ISBN: 978-1466592612
Notes
2. Harwood, M., Goncalves, M., and Pemble, M. Security Strategies in Web Applications and Social Networking (Information Systems Security & Assurance), 2010. ISBN: 9780763791957 3. Bruce W. Perry, “Java Servlet & JSP Cookbook”. O’Reilly Media, 2004
Course Learning Outcomes
| Order | Course Learning Outcomes |
|---|---|
| LO01 | Ability to describe web-based applications and associated threats and differentiate from mainframe, client-server applications |
| LO02 | Ability to evaluate web application security vulnerabilities and take countermeasures |
| LO03 | Ability to detect and mitigate Web DDoS attacks |
| LO04 | Ability to understand the role of secure web-based applications in e-commerce transactions |
| LO05 | Ability to describe the security concepts of PHP, java servlets, java server pages and java server faces |
| LO06 | Ability to describe recent web attack trends and cutting-edge web security |
Relation with Program Learning Outcome
| Order | Type | Program Learning Outcomes | Level |
|---|---|---|---|
| PLO01 | Bilgi - Kuramsal, Olgusal | On the basis of the competencies gained at the undergraduate level, it has an advanced level of knowledge and understanding that provides the basis for original studies in the field of Computer Engineering. | 3 |
| PLO02 | Bilgi - Kuramsal, Olgusal | By reaching scientific knowledge in the field of engineering, he/she reaches the knowledge in depth and depth, evaluates, interprets and applies the information. | 3 |
| PLO03 | Yetkinlikler - Öğrenme Yetkinliği | Being aware of the new and developing practices of his / her profession and examining and learning when necessary. | 4 |
| PLO04 | Yetkinlikler - Öğrenme Yetkinliği | Constructs engineering problems, develops methods to solve them and applies innovative methods in solutions. | 4 |
| PLO05 | Yetkinlikler - Öğrenme Yetkinliği | Designs and applies analytical, modeling and experimental based researches, analyzes and interprets complex situations encountered in this process. | 5 |
| PLO06 | Yetkinlikler - Öğrenme Yetkinliği | Develops new and / or original ideas and methods, develops innovative solutions in system, part or process design. | 5 |
| PLO07 | Beceriler - Bilişsel, Uygulamalı | Has the skills of learning. | 4 |
| PLO08 | Beceriler - Bilişsel, Uygulamalı | Being aware of new and emerging applications of Computer Engineering examines and learns them if necessary. | 3 |
| PLO09 | Beceriler - Bilişsel, Uygulamalı | Transmits the processes and results of their studies in written or oral form in the national and international environments outside or outside the field of Computer Engineering. | 3 |
| PLO10 | Beceriler - Bilişsel, Uygulamalı | Has comprehensive knowledge about current techniques and methods and their limitations in Computer Engineering. | 4 |
| PLO11 | Beceriler - Bilişsel, Uygulamalı | Uses information and communication technologies at an advanced level interactively with computer software required by Computer Engineering. | 2 |
| PLO12 | Bilgi - Kuramsal, Olgusal | Observes social, scientific and ethical values in all professional activities. |
Week Plan
| Week | Topic | Preparation | Methods |
|---|---|---|---|
| 1 | Introduction to Web Application Security | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 2 | Browser security: attack to browsers, users tracking/profiling, privacy preserving, anonymity, secure browsing | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 3 | User Authentication and Session Management | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 4 | Web Environment Security: Secure set-up of web servers and firewalling | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 5 | Website Attacks: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSFR) | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 6 | Secure HTTP (HTTPS): Goals and Pitfalls | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 7 | Internet E-Mail: MIME and PGP, phishing, spamming & spoofing, e-mail forensics | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 8 | Mid-Term Exam | Ölçme Yöntemleri: Yazılı Sınav |
|
| 9 | Secure E-Payment Systems for Websites | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 10 | Cloud Computing and Security | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 11 | Web DDoS Attacks and Prevention | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 12 | Security in parsing of XML data, XML injection | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 13 | AJAX and Web Services (SOAP and REST) Security | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 14 | Security Concepts of Java Servlets, Java Server Pages and Java Server Faces | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 15 | Recent Attack Trends and Cutting-Edge Web Security | Reading related chapter in lecture notes | Öğretim Yöntemleri: Anlatım |
| 16 | Term Exams | Ölçme Yöntemleri: Yazılı Sınav |
|
| 17 | Term Exams | Ölçme Yöntemleri: Yazılı Sınav |
Student Workload - ECTS
| Works | Number | Time (Hour) | Workload (Hour) |
|---|---|---|---|
| Course Related Works | |||
| Class Time (Exam weeks are excluded) | 14 | 3 | 42 |
| Out of Class Study (Preliminary Work, Practice) | 14 | 5 | 70 |
| Assesment Related Works | |||
| Homeworks, Projects, Others | 0 | 0 | 0 |
| Mid-term Exams (Written, Oral, etc.) | 1 | 15 | 15 |
| Final Exam | 1 | 30 | 30 |
| Total Workload (Hour) | 157 | ||
| Total Workload / 25 (h) | 6,28 | ||
| ECTS | 6 ECTS | ||