Securing Web Applications
Scope (3 ECTS)
Course unit code: TT00BF09
General information
- Credits
- 3 ECTS
Objective
The student knows many different ways to protect a web server, can build a safe user database, and can run many different security tests against it.
Content
Different vulnerabilities of web applications and how to protect web applications against them. The course approaches the topic from the viewpoint of building safe web applications as well as configuring a safe web server.
- OWASP Top ten
- Cross Site Scripting, Injections, Broken authentication
- Apache web server, installing & configuring
- safe programming with PHP
- safe database connection (MySQL)
- user databases
- Google Hacking
- certificates and the HTTPS protocol
- basics of network security
Qualifications
Basics of information technology, setting up a PC, basics of information security, a basic Unix/Linux course, and basic knowledge of some programming language (e.g. Java or C).
Assessment criteria, satisfactory (1)
The student understands why it is important to make secure web applications, can build a simple and safe web application, and can run simple security tests against it.
Assessment criteria, good (3)
The student can install a web server, configure its certificate settings, create a self-signed certificate, and knows where to get a real certificate when needed. The student can also make a safe database connection to a web page.
Assessment criteria, excellent (5)
The student knows many different ways to protect a web server, can build a safe user database, and can run many different security tests against it.