Web Application Security (5 cr)
Code: TTC6500-3004
General information
- Enrollment
- 01.08.2024 - 22.08.2024. Registration for the implementation has ended.
- Timing
- 26.08.2024 - 18.12.2024. Implementation has ended.
- Number of ECTS credits allocated
- 5 cr
- Local portion
- 5 cr
- Mode of delivery
- Face-to-face
- Unit
- School of Technology
- Campus
- Lutakko Campus
- Teaching languages
- English
- Seats
- 0 - 35
- Degree programmes
- Bachelor's Degree Programme in Information and Communications Technology
- Teachers
- Joonatan Ovaska
- Groups
- TTV22S5 Information and Communications Technology (AMK)
- TTV22S2 Information and Communications Technology (AMK)
- TTV22S3 Information and Communications Technology (AMK)
- TIC22S1 Bachelor's Degree Programme in Information and Communications Technology
- TTV22S1 Information and Communications Technology (AMK)
- TTV22S4 Information and Communications Technology (AMK)
- Course
- TTC6500
Realization has 46 reservations. Total duration of reservations is 98 h 30 min.
Time | Topic | Location |
---|---|---|
Mon 26.08.2024, 15:15 - 16:45 (1 h 30 min) | Ethical hacking module info | P2_D110 Auditorium |
Tue 27.08.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 28.08.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 30.08.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | P2_D436 Telecommunications laboratory |
Tue 03.09.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 04.09.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 06.09.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | P2_D436 Telecommunications laboratory |
Tue 10.09.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 11.09.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 13.09.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | P2_D436 Telecommunications laboratory |
Tue 17.09.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 18.09.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 20.09.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | Online (KYHA) |
Tue 24.09.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | Online (KYHA) |
Wed 25.09.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | Online (KYHA) |
Fri 27.09.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | Online (KYHA) |
Tue 01.10.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 02.10.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 04.10.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | P2_D436 Telecommunications laboratory |
Tue 08.10.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 09.10.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 11.10.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | P2_D436 Telecommunications laboratory |
Tue 22.10.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 23.10.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 25.10.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | P2_D436 Telecommunications laboratory |
Tue 29.10.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 30.10.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 01.11.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | Online (KYHA) |
Tue 05.11.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | Online (KYHA) |
Wed 06.11.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | Online (KYHA) |
Fri 08.11.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | Online (KYHA) |
Tue 12.11.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 13.11.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 15.11.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | P2_D436 Telecommunications laboratory |
Tue 19.11.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 20.11.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 22.11.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | P2_D436 Telecommunications laboratory |
Tue 26.11.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 27.11.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Fri 29.11.2024, 12:00 - 14:30 (2 h 30 min) | Workshop | P2_D436 Telecommunications laboratory |
Tue 03.12.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Wed 04.12.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | P2_D327 CISCO laboratory |
Tue 10.12.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | Online (KYHA) |
Wed 11.12.2024, 09:00 - 11:30 (2 h 30 min) | Workshop | Online (KYHA) |
Fri 13.12.2024, 12:00 - 15:00 (3 h 0 min) | Workshop | P2_D436 Telecommunications laboratory |
Tue 17.12.2024, 09:00 - 10:30 (1 h 30 min) | Web Application Security TTC6500-3004 | P2_D436 Telecommunications laboratory |
Evaluation scale
0-5
Content scheduling
Assignments have weekly deadlines.
We go through the OWASP Top 10 2021 list week by week and do assignments based on those topics.
Objective
This course enables the student to think about web application security in a holistic fashion. The student will learn an effective toolset and methodology for finding, exploiting, and fixing common web application vulnerabilities.
Competences
EUR-ACE: Knowledge and understanding
EUR-ACE: Engineering practice
EUR-ACE: Multidisciplinary competences
Content
This is a course about applied cyber security. We will consider common web application vulnerabilities through a series of hands-on exercises using real-world examples (mostly).
We will address various topics related to web and web applications, such as the browser security model, input validation, servlet containers, databases and injections.
We will address current trends in the cyber security landscape and their effect on the web.
Materials
Materials in the e-learning environment and the book: Real-World Bug Hunting: A Field Guide to Web Hacking
Teaching methods
- lectures
- independent study
- distance learning
- webinars
- exercises
- learning tasks
- book
Exam schedules
No exam, assessment is based on assignments.
Completion alternatives
The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.
Student workload
One credit (1 Cr) corresponds to an average of 27 hours of work.
- lectures 15 h
- demos 5 h
- reading assignments 15 h
- independent study 40 h
- assignment solving 50 h
- assignment reporting 10 h
Total 135 h
Assessment criteria, satisfactory (1)
2: The student is able to find common web application vulnerabilities. The student can understand the working principles of existing exploit techniques. The student can write a report that covers most findings and mitigation recommendations for most vulnerability types addressed by this course. The student is able to update their knowledge independently by following various news and research outlets.
1: The student is able to find simple web application vulnerabilities. The student can understand the basics of existing exploit techniques. The student can write a report that covers findings and mitigation recommendations for some vulnerability types addressed by this course. The student is able to find information about major news and events.
Assessment criteria, good (3)
4: The student is able to find and mitigate common web application vulnerabilities. The student can modify and create simple exploits to achieve desired goals. The student can write a report that covers findings and mitigation recommendations for most vulnerability types addressed by this course. The student is able to update their knowledge independently by following various news and research outlets.
3: The student is able to find and mitigate common web application vulnerabilities. The student can understand the working principles of existing exploit techniques. The student can write a report that covers most findings and mitigation recommendations for most vulnerability types addressed by this course. The student is able to update their knowledge independently by following various news and research outlets.
Assessment criteria, excellent (5)
5: The student is able to independently find, exploit, and mitigate common web application vulnerabilities. The student can create and modify exploits to achieve the desired goals. The student can write a succinct report that covers all the salient findings and mitigation recommendations for all vulnerability types addressed by this course. The student is able to update their knowledge independently by following various news and research outlets.
Assessment criteria, approved/failed
0: The student does not meet the criteria set for grade 1.
Qualifications
The course requires a solid understanding of programming and previous experience in web technologies. The student must be comfortable using command line tools.
Further information
No exam, assessment is based on assignments.