Μ103. Internet Security

1. Course Identity

Course title: Internet Security

Semester: 1st

Hours per week: 3

ECTS Units: 6

Tutor: Ilioudis Christos

2. Learning goals

This module gives introductory coverage of the fundamentals of Internet and web security.

This course covers Web safety and browser vulnerabilities, privacy concerns, issues with Java, JavaScript, ActiveX, and all things Web and security related. Various protocols and approaches for providing web services in as secure a manner as possible will be investigated.

By the end of the module students should be able to:

  • Understand the vulnerabilities of internet-based systems.
  • Demonstrate the threats associated with providing active/dynamic web content and understand how the vulnerabilities affect the design, implementation, and maintenance of active/dynamic web content.
  • Know how to conduct an audit/review of an existing system to identify and correct security vulnerabilities.

3. Content:

The subjects covered are:

  • Introduction to Internet Security
  • Fundamentals of web security: Overview of web technologies, Web application architecture, Recent attack trends, Authentication vulnerabilities and defense, Authorization vulnerabilities and defense.
  • Web Application Common Vulnerabilities and Mitigations: encryption use in web applications, SSL vulnerabilities, Session vulnerabilities, Cross Site Request Forgery, SQL Injection vulnerabilities, testing and defense.
  • Proactive Defense and Operation Security: Cross Site Scripting vulnerability and defenses, Web environment configuration security, Intrusion detection in web applications, Incident handling.
  • Web Services security: Web services overview, XML security, WS security framework.
  • Risk Assessment & Threat Modelling: risk modelling for developing secure web applications.
  • Design, Implementation, & Evaluation of Secure Web Apps: implementation & evaluation of secure web servers, services and applications.

4. Teaching

The course will be covered by weekly lectures. An important part of the student load is the homework assignments, each on a specific part of the course. Moreover, there will be a final project requirement in which the student will study a state-of-the-art web security problem.

5. Student evaluation

Student evaluation will be based on the grades of the homework assignments, the grade of the final project and the final exams.

7. Bibliography

  • Textbook: D. Stuttard and M. Pinto. The Web Application Hacker’s Handbook. Wiley. 2008. ISBN: 978-0-470-17077-9.
  • Selected readings from various sources as assigned.