ABL1501 Web Application Security

5 ECTS - 3-0 Duration (T+A)- . Semester- 3 National Credit

Information

Code ABL1501
Name Web Application Security
Term 2024-2025 Academic Year
Term Spring
Duration (T+A) 3-0 (T-A) (17 Week)
ECTS 5 ECTS
National Credit 3 National Credit
Teaching Language Turkish
Level Master's Course
Type Normal
Mode of study Face-to-Face Education
Catalog Information Coordinator
Course Instructor
1


Course Goal / Objective

This course covers the security methods applied to websites, web applications and web services. It focuses on how to develop and maintain secure web applications by applying security principles and techniques.

Course Content

User tracking/profiling. Privacy preservation. User authentication and session management. Web environment security: secure set-up of web servers and firewalling. SQL injection. Cross-site scripting (XSS). Cross-site request forgery (CSRF). Secure HTTP (HTTPS): goals and pitfalls. Internet e-mail: MIME and PGP, phishing, spamming and spoofing. Secure e-payment systems for websites. Cloud computing and security. Web DDoS attacks and prevention. XML security. AJAX and web services security. Security concepts of PHP vs. Java servlets. Recent attack trends and cutting-edge web security.

Course Precondition

There are no prerequisites.

Resources

1. William Stallings, “Network Security Essentials”, 5th Edition, 2014
2. Kaufman, Perlman, and Speciner, “Network Security: Private Communication in a Public World”, 2nd Edition, 2002
3. Wu and Irwin, “Introduction to Computer Networks and Cybersecurity”, 2013

Notes


Course Learning Outcomes

Order Course Learning Outcomes
LO01 Ability to describe web-based applications and their associated threats, and to differentiate them from mainframe and client-server applications.
LO02 Ability to evaluate web application security vulnerabilities and take countermeasures.
LO03 Ability to detect and mitigate Web DDoS attacks.
LO04 Ability to understand the role of secure web-based applications in e-commerce transactions.
LO05 Ability to describe the security concepts of PHP.
LO06 Ability to describe recent web attack trends and cutting-edge web security.


Relation with Program Learning Outcome

Order Type Program Learning Outcomes Level
PLO01 Knowledge - Theoretical, Factual Knows current concepts in the field of Forensic Sciences. 4
PLO02 Knowledge - Theoretical, Factual Comprehends the relations between the areas of Forensic Sciences. 4
PLO03 Knowledge - Theoretical, Factual Comprehends the importance of ethical principles and ethics committees for the individual and society. 3
PLO04 Knowledge - Theoretical, Factual Knows the concept of expertise and the forensic procedural approach.
PLO05 Knowledge - Theoretical, Factual Recognizes the statistical methods that are frequently used in studies in the field of Forensic Sciences. 4
PLO06 Knowledge - Theoretical, Factual Knows crime scene investigation and evidence collection procedures. 4
PLO07 Skills - Cognitive, Practical Interprets the knowledge gained in the field by integrating it with knowledge from different disciplines.
PLO08 Skills - Cognitive, Practical Uses statistical software that is frequently used in the field of Forensic Sciences.
PLO09 Skills - Cognitive, Practical Uses the knowledge and research methods obtained in the field in solving forensic cases.
PLO10 Skills - Cognitive, Practical Takes responsibility by participating in teamwork.
PLO11 Skills - Cognitive, Practical Develops solutions for complex problems that may be encountered in the field of Forensic Sciences. 5
PLO12 Competences - Competence to Work Independently and Take Responsibility Can lead in certain challenging forensic circumstances, including interdisciplinary ones. 3
PLO13 Competences - Competence to Work Independently and Take Responsibility Follows scientific meetings and research in the forensic area. 3
PLO14 Competences - Field-Specific Competence Discusses current developments and studies with different groups in written, oral and visual formats.
PLO15 Competences - Field-Specific Competence Uses current developments, information and practices in Forensic Sciences for the benefit of society. 3


Week Plan

Week Topic Preparation Methods
1 Introduction to Web Application Security Reading resources on the topic Teaching Methods: Lecture, Question-Answer
2 Browser security: attacks on browsers, user tracking/profiling, privacy preservation, anonymity, secure browsing Reading resources on the topic Teaching Methods: Lecture, Question-Answer
3 User Authentication and Session Management Reading resources on the topic Teaching Methods: Lecture, Question-Answer
4 Web Environment Security: Secure set-up of web servers and firewalling Reading resources on the topic Teaching Methods: Lecture, Question-Answer
5 Website Attacks: SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) Reading resources on the topic Teaching Methods: Lecture, Question-Answer
6 Secure HTTP (HTTPS): Goals and Pitfalls Reading resources on the topic Teaching Methods: Lecture, Question-Answer
7 Internet E-Mail: MIME and PGP, phishing, spamming and spoofing, e-mail forensics Reading resources on the topic Teaching Methods: Lecture, Question-Answer
8 Mid-Term Exam Reading resources on the topic Assessment Methods: Written Exam
9 Secure E-Payment Systems for Websites Reading resources on the topic Teaching Methods: Lecture, Question-Answer
10 Cloud Computing and Security Reading resources on the topic Teaching Methods: Lecture, Question-Answer
11 Web DDoS Attacks and Prevention Reading resources on the topic Teaching Methods: Lecture, Question-Answer
12 Security in parsing of XML data, XML injection Reading resources on the topic Teaching Methods: Lecture, Question-Answer
13 AJAX and Web Services (SOAP and REST) Security Reading resources on the topic Teaching Methods: Lecture, Question-Answer
14 Security Concepts of PHP vs. Java Servlets Reading resources on the topic Teaching Methods: Lecture, Question-Answer
15 Recent Topics in Web Security Reading resources on the topic Teaching Methods: Lecture, Question-Answer
16 Term Exams Reading resources on the topic Assessment Methods: Written Exam
17 Term Exams Reading resources on the topic Assessment Methods: Written Exam


Student Workload - ECTS

Works Number Time (Hour) Workload (Hour)
Course Related Works
Class Time (Exam weeks are excluded) 14 3 42
Out of Class Study (Preliminary Work, Practice) 14 3 42
Assessment Related Works
Homework, Projects, Others 0 0 0
Mid-term Exams (Written, Oral, etc.) 1 15 15
Final Exam 1 30 30
Total Workload (Hour) 129
Total Workload / 25 (h) 5.16
ECTS 5 ECTS

Update Time: 17.05.2024 04:11