CSEC505 WEB APPLICATION SECURITY

Course Code: 9100505
METU Credit (Theoretical-Laboratory hours/week): 3 (0.00 - 0.00)
ECTS Credit: 8.0
Department: Cyber Security
Language of Instruction: English
Level of Study: Graduate
Course Coordinator:
Offered Semester: Fall Semesters.

Course Objectives


Course Content

Introduction to web application security: web application insecurity, core defense mechanisms, web application technologies. Mapping the application and bypassing client-side controls. Attacking authentication. Attacking session management and access controls. Attacking data stores: SQL, NoSQL, XPATH and LDAP injection. Attacking back-end components: OS command, XML, HTTP and SMTP injection. Attacking application logic. Attacking users: cross-site scripting and other techniques. Automating customized attacks and exploiting information disclosure. Attacking application architecture and application server. Web application security testing tools: setting up a virtual lab and toolset. Live web application security assessment.


Course Learning Outcomes