Siirry suoraan sisältöön

Web Application Security (5 cr)

Code: TTC6500-3004

General information


Enrollment

01.08.2024 - 22.08.2024

Timing

26.08.2024 - 18.12.2024

Number of ECTS credits allocated

5 op

Mode of delivery

Face-to-face

Unit

School of Technology

Campus

Lutakko Campus

Teaching languages

  • English

Seats

0 - 35

Degree programmes

  • Bachelor's Degree Programme in Information and Communications Technology
  • Bachelor's Degree Programme in Information and Communications Technology

Teachers

  • Joonatan Ovaska

Groups

  • TTV22S5
    Tieto- ja viestintätekniikka (AMK)
  • TTV22S2
    Tieto- ja viestintätekniikka (AMK)
  • TTV22S3
    Tieto- ja viestintätekniikka (AMK)
  • TIC22S1
    Bachelor's Degree Programme in Information and Communications Technology
  • TTV22S1
    Tieto- ja viestintätekniikka (AMK)
  • TTV22S4
    Tieto- ja viestintätekniikka (AMK)
  • 26.08.2024 15:15 - 16:45, Ethical hacking Moduuli info
  • 27.08.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 28.08.2024 09:00 - 11:30, Workshop
  • 30.08.2024 12:00 - 14:30, Workshop
  • 03.09.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 04.09.2024 09:00 - 11:30, Workshop
  • 06.09.2024 12:00 - 14:30, Workshop
  • 10.09.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 11.09.2024 09:00 - 11:30, Workshop
  • 13.09.2024 12:00 - 14:30, Workshop
  • 17.09.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 18.09.2024 09:00 - 11:30, Workshop
  • 20.09.2024 12:00 - 14:30, Workshop
  • 24.09.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 25.09.2024 09:00 - 11:30, Workshop
  • 27.09.2024 12:00 - 14:30, Workshop
  • 01.10.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 02.10.2024 09:00 - 11:30, Workshop
  • 04.10.2024 12:00 - 14:30, Workshop
  • 08.10.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 09.10.2024 09:00 - 11:30, Workshop
  • 11.10.2024 12:00 - 14:30, Workshop
  • 22.10.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 23.10.2024 09:00 - 11:30, Workshop
  • 25.10.2024 12:00 - 14:30, Workshop
  • 29.10.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 30.10.2024 09:00 - 11:30, Workshop
  • 01.11.2024 12:00 - 14:30, Workshop
  • 05.11.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 06.11.2024 09:00 - 11:30, Workshop
  • 08.11.2024 12:00 - 14:30, Workshop
  • 12.11.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 13.11.2024 09:00 - 11:30, Workshop
  • 15.11.2024 12:00 - 14:30, Workshop
  • 19.11.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 20.11.2024 09:00 - 11:30, Workshop
  • 22.11.2024 12:00 - 14:30, Workshop
  • 26.11.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 27.11.2024 09:00 - 11:30, Workshop
  • 29.11.2024 12:00 - 14:30, Workshop
  • 03.12.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 04.12.2024 09:00 - 11:30, Workshop
  • 10.12.2024 09:00 - 10:30, Web Application Security TTC6500-3004
  • 11.12.2024 09:00 - 11:30, Workshop
  • 13.12.2024 12:00 - 15:00, Workshop
  • 17.12.2024 09:00 - 10:30, Web Application Security TTC6500-3004

Objective

This course enables the student to think about web application security in a holistic fashion. The student will learn an effective toolset and methodology for finding, exploiting, and fixing common web application vulnerabilities.

Competences
EUR-ACE: Knowledge and understanding 
EUR-ACE: Engineering practice 
EUR-ACE: Multidisciplinary competences

Content

This is a course about applied cyber security. We will consider common web application vulnerabilities through a series of hands-on exercises using real-world examples (mostly).

We will address various topics related to web and web applications, such as the browser security model, input validation, servlet containers, databases and injections.

We will address current trends in cyber security landscape, and their effect on the web.

Oppimateriaali ja suositeltava kirjallisuus

Materials in the e-learning environment and the book: Real-World Bug Hunting: A Field Guide to Web Hacking

Teaching methods

- lectures
- independent study
- distance learning
- webinars
- exercises
- learning tasks
- book

Exam schedules

No exam, assessment is based on assignments.

Vaihtoehtoiset suoritustavat

The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.

Student workload

One credit (1 Cr) corresponds to an average of 27 hours of work.

- lectures 15 h
- demos 5 h
- reading assignments 15 h
- independent study 40 h
- assignment solving 50 h
- assignment reporting 10 h
Total 135 h

Content scheduling

Assignments have weekly deadlines.

We go through OWASP TOP10 2021 list week by week basis and we do assignments based on those topics.

Further information

No exam, assessment is based on assignments.

Evaluation scale

0-5

Arviointikriteerit, tyydyttävä (1-2)

2: The student is able to find common web application vulnerabilities. The student can understand the working principles of existing exploit techniques. The student can write a report that covers most findings and mitigation recommendations for most vulnerability types addressed by this course. The student is able to update their knowledge independently by following various news and research outlets.

1: The student is able to find simple web application vulnerabilities. The student can understand the basics of existing exploit techniques. The student can write a report that covers findings and mitigation recommendations for some vulnerability types addressed by this course. The student is able to find information about major news and events.

Arviointikriteerit, hyvä (3-4)

4: The student is able to find and mitigate common web application vulnerabilities. The student can modify and create simple exploits to achieve desired goals. The student can write a report that covers findings and mitigation recommendations for most vulnerability types addressed by this course. The student is able to update their knowledge independently by following various news and research outlets.

3: The student is able to find and mitigate common web application vulnerabilities. The student can understand the working principles of existing exploit techniques. The student can write a report that covers most findings and mitigation recommendations for most vulnerability types addressed by this course. The student is able to update their knowledge independently by following various news and research outlets.

Assessment criteria, excellent (5)

5: The student is able to independently find, exploit, and mitigate common web application vulnerabilities. The student can create and modify exploits to achieve the desired goals. The student can write a succinct report that covers all the salient findings and mitigation recommendations for all vulnerability types addressed by this course. The student is able to update their knowledge independently by following various news and research outlets.

Assessment criteria, approved/failed

0: The student does not meet the criteria set for grade 1.

Qualifications

The course requires a solid understanding of programming and previous experience in web technologies. The student must be comfortable using command line tools.