Web Application Security Testing (5cr)
Code
General information
- Enrollment
- 17.11.2025 - 08.01.2026
- Registration for the implementation has begun.
- Timing
- 12.01.2026 - 30.04.2026
- The implementation has not yet started.
- Number of ECTS credits allocated
- 5 cr
- Local portion
- 5 cr
- Mode of delivery
- Face-to-face
- Unit
- School of Technology
- Campus
- Lutakko Campus
- Teaching languages
- English
- Seats
- 0 - 35
- Degree programmes
- Bachelor's Degree Programme in Information and Communications Technology
- Teachers
- Jarmo Viinikanoja
- Groups
-
TIC24S1Bachelor's Degree Programme in Information and Communications Technology
- Course
- TT00CE17
Realization has 15 reservations. Total duration of reservations is 30 h 0 min.
| Time | Topic | Location |
|---|---|---|
|
Thu 15.01.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 22.01.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 29.01.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 05.02.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 12.02.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
Online
|
|
Thu 19.02.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 05.03.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 12.03.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 19.03.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 26.03.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
Online
|
|
Thu 02.04.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 09.04.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 16.04.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 23.04.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
|
Thu 30.04.2026 time 08:00 - 10:00 (2 h 0 min) |
Web Application Security Testing TT00CE17-3005 |
P2_D327
CISCO-laboratorio
|
Evaluation scale
0-5
Content scheduling
Assignments have weekly deadlines.
We go through OWASP TOP10 2021 list week by week basis and we do assignments based on those topics.
Objective
The student learns to understand the most common causes related to the security of web applications, learns to use tools and methods for detecting and exploiting common web applications and knows how to propose corrections to the risks found.
EUR-ACE Knowledge and understanding
You know the basic methods related to the security of web applications by applying theory and practice. You understand their importance when you implement analysis for web applications.
EUR-ACE Engineering practice
You can analyze the security of web applications using related methods applying practice and theory.
Content
In this course, you will learn to understand the root causes of common web application security issues and use tools and methods to detect and exploit vulnerabilities in web applications. You will be able to provide remediation suggestions for identified risks. You will understand the basic methods related to web application security and their importance in analysis. The course equips you with the skills to analyze web application security in both practical and theoretical contexts.
This course deals with applied cyber security. We go through common web application vulnerabilities through several practical exercises, using mostly real examples.
We deal with various weaknesses related to web applications, such as identification of authentication, input validation, and configuration errors.
We discuss the current trends in the cyber security environment and their effects on the network.
Topics covered:
-OWASP TOP 10
-Bug Bounty
Materials
Materials in the e-learning environment and the book: 978-1-59327-861-8 Real-world bug hunting : a field guide to web hacking
Teaching methods
- lectures
- independent study
- distance learning
- webinars
- exercises
- learning tasks
- book
Exam schedules
No exam, assessment is based on assignments.
Completion alternatives
The admission procedures are described in the degree rule and the study guide. The teacher of the course will give you more information on possible specific course practices.
Student workload
One credit (1 Cr) corresponds to an average of 27 hours of work.
- lectures 20 h
- reading assignments 15 h
- independent study 40 h
- assignment solving 50 h
- assignment reporting 10 h
Total 135 h
Assessment criteria, satisfactory (1)
Sufficient (1)
The student knows and understands the basic concepts and theory related to the security of web applications. The student is able to use the tools needed to test the security of web applications with assistance. The student knows that risks related to the security of web applications affect users of web applications in many areas.
Satisfactory (2)
The student knows and understands the basic concepts related to the security of web applications and the related theory. The student knows how to use the tools needed to test the security of web applications in a guided manner. The student knows that the risks related to the security of web applications and their effects on web application users are multifaceted.
Assessment criteria, good (3)
Good (3)
The student knows and understands the basic concepts related to the security of web applications and the related theory in a versatile way. The student knows how to use the tools needed to test the security of web applications. The student knows the risks related to the security of web applications and their effects on web application users in various fields.
Very Good (4)
The student knows and understands the concepts related to the security of web applications and the related theory in a versatile way. The student knows how to use the tools needed to test the security of web applications in an advanced manner. The student knows the risks related to the security of web applications and their effects on multidisciplinary web application users and other stakeholders.
Assessment criteria, excellent (5)
Excellent (5)
The student knows and understands the concepts related to the security of web applications and the related theory excellently. The student knows how to use the tools needed to test the security of web applications in an advanced manner, and is able to use new tools independently. The student knows and understands the risks related to the security of web applications and their multidisciplinary effects on web application users and other stakeholders.
Qualifications
Cyber Security
Linux basics
Further information
No exam, assessment is based on assignments.