Identifying security flaws and then securing a web application. The student is expected to deliver a report of the identified security flaws, the process followed to identify them, and a proposal for fixing the problems/issues found.
Closed book unseen examination (2 hours)
A weighted aggregate mark of 50% is required to pass the module.
Today almost no business can survive without using the Internet as a means of providing services or products to customers or other businesses. Web applications have become robust and easy to use; therefore a growing majority of people now prefer to use the Web as a means of purchasing, banking or even communicating with other people. As a result, such applications have become an attractive target for hackers, who will try to exploit every vulnerable point that becomes available to them. Due to the continuously increasing need for more robust and faster Web applications, technologies need to change and adapt, which introduces new security flaws and therefore requires continuous measures to discover and fix security holes. Exposing the weaknesses of such Web applications and discovering how attacks are made should provide the basis for securing a Web application.
Familiarity with Web application principles, protocols and implementation, and also with basic security principles. The students should have attended either Enterprise Systems Development (COMM030) or Agile Web Development (COMM013). Security-related modules such as Computer Security (COMM024) or Network Security (COMM026) are also desirable but not essential.
The aim of this module is to make the students aware of the need for and importance of security in Web applications, and to investigate ways of thinking about and solving such security problems. The students will explore in practice the vulnerable points of weak Web applications and the different attack methods that hackers perform against them, and then learn how to prevent such attacks.
By the end of the module the students should be able to:
understand the vulnerability of web applications and the need for securing them
categorise the different attack methods and learn how each can affect the application's security
examine and secure a web application to protect it from attacks
put theory into practice through the use of comprehensive tools in order to discover vulnerable points in a web application and then secure the application to prevent attacks.
Introduction to Web application security
What is Web hacking and why is it important
Tools and automation
Attacking methods and countermeasures
Web Platforms: detecting evasion techniques and countermeasures for popular web platforms
Web Authentication: password based, multifactor (e.g. SecurID, Passmark, etc.), and online authentication services (e.g. Microsoft Passport)
Web Authorisation: session analysis, hijacking, and fixation techniques