AITC435
Weekly Course Topics:
- Intro to the class; web app security vs. network security; the OWASP top 10
- Web security fundamentals
- Authentication: Who are you?
- Hacking with WebGoat - Basics, proxies, auth bypass, insecure login
- Authorization: Do you have the rights?
- Session management and the same-origin policy
- Cross-site scripting and cross-site request forgery
- Hacking with WebGoat - JWT, XSS, CSRF
- Injection (SQL, XXE)
- File system exploitation; secure development and deployment
- Hacking with WebGoat - SQL injection, insecure direct object reference, insecure deserialization, HTML tampering
- Final project presentations in class
- Take-home final