
Web-sovellusten tietoturva (6 cr)

Code: TX00CR92-3004

General information

Enrollment

02.12.2019 - 15.01.2020

Timing

24.02.2020 - 15.05.2020

Number of ECTS credits allocated

6 cr

Virtual portion

6 cr

Mode of delivery

Distance learning

Unit

ICT and Industrial Management

Campus

Leiritie 1

Teaching languages

  • English

Degree programmes

  • Degree Programme in Information Technology
  • Tieto- ja viestintätekniikan tutkinto-ohjelma

Teachers

  • Kimmo Sauren

Groups

  • TIVI-ELECT4
    IT Elective Studies / Tivi valinnaiset, moduuli 4

Objective

The course focuses on threats to Web applications and to the clients of Web applications. The most important attack vectors, as described by the OWASP Top 10, are considered. Combinations of attack vectors are considered and their combined impact on security is exposed. Special emphasis is placed on practical security protection methods.
The process of Web application penetration testing is based on relevant standards, e.g. the Penetration Testing Execution Standard.

Upon completing the course, the student is able to:
- be aware of the most severe Web application attacks occurring daily world-wide (OWASP Top 10)
- evaluate the impact of organizational risks associated with different Web application threats
- use the Penetration Testing Execution Standard as a guideline to create an organized and well-documented Web application testing procedure
- apply techniques and tools to test the practical security level of a Web application
- repair practical Web application security vulnerabilities revealed by penetration testing

Content

Chapter 1: Introduction to Web Application Security
Chapter 2: Web Application Technologies and Frameworks
Chapter 3: Web Application Defense Mechanisms
Chapter 4: Mapping the Application
Chapter 5: Bypassing Client-Side Controls
Chapter 6: Attacking Authentication
Chapter 7: Attacking Session Management
Chapter 8: Attacking Access Controls
Chapter 9: Injecting Code
Chapter 10: Attacking Other Users
Chapter 11: Other Exploitation Methods
Chapter 12: Web Application Security Tools
Chapter 13: Penetration Testing Standards

Further information

Online course. The course starts on 24 Feb and ends on 15 May.

Evaluation scale

0-5

Assessment criteria, satisfactory (1)

Students have achieved the required course objectives fairly. Students are able to identify, define and use the course subject area's concepts and models. The student understands the criteria and principles required for development.

Assessment criteria, good (3)

Students have achieved the course objectives well, even though the knowledge and skills need improvement in some areas. Students are able to define the course concepts and models and to justify their analysis. The student is able to apply their knowledge in leisure, study and work situations. The student understands the importance of expertise in the field of information technology and is able to analyze his/her own expertise.

Assessment criteria, excellent (5)

Students have achieved the objectives of the course with excellent marks. Students have a commendable command of the course subject area's concepts and models. Students are able to produce justified and fluent analysis and to present concrete development measures. Students are well prepared to apply their knowledge in leisure, study and work situations. Students are able to analyze expertise in the information technology sector and the development of their own expertise.