AITC435

Weekly Course Topics:

Intro to the class; web app security vs. network security; the OWASP top 10
Web security fundamentals
Authentication: Who are you?
Hacking with WebGoat - Basics, proxies, auth bypass, insecure login
Authorization: Do you have the rights?
Session management and The same origin policy
Cross-site scripting and cross-site request forgery
Hacking with WebGoat - JWT, XSS, CSRF
Injection (SQL, XXE)
File system exploitation; secure development and deployment
Hacking with WebGoat - SQL injection, insecure direct object reference, insecure deserialization, HTML tampering
Final project presentations in class
Take home final