
Web Application Security Syllabus

The document outlines the course CSH011: Web Application Security, focusing on the importance of security in web applications, identifying vulnerabilities, and implementing mitigation strategies. It covers various units including web application fundamentals, vulnerabilities, mitigations, secure design, and cutting-edge security issues. Upon completion, students will be equipped to identify threats, apply security principles, and utilize industry-standard tools for web application security.

Uploaded by Karthik Vijay

Course code: CSH011
Category: Major Course
Course title: Web Application Security
Scheme and Credits: L 3, T -, P -, Credits 3
Semester: VII
Pre-requisites (if any): Web Technology

LEARNING OBJECTIVES:
The faculty will enhance the skills of the students to
• Know the importance of security in web applications.
• Identify and aid in fixing security vulnerabilities during the web development process.
• Explore knowledge on mitigation strategies for web applications.
• Design a secure web site using industry standard tools.
• Build the security principles in developing a reliable web application.

UNIT-I OVERVIEW OF WEB APPLICATIONS AND SECURITY 9


Introduction to web applications - Benefits and Drawbacks of Web Applications - Web
Application vs Cloud Application. Security Fundamentals: Introduction to web application
security - Input Validation - Attack Surface Reduction - Rules of Thumb - Classifying and
Prioritizing Security Threats.

UNIT-II WEB APPLICATION VULNERABILITIES 9


Understanding Vulnerabilities in Traditional Client Server Applications and Web Applications -
Client State Manipulation - Cookie Based Attacks - SQL Injection - Cross Domain Attacks and
Types - HTTP Header Injection - Cross-Site Request Forgery (CSRF).

UNIT-III WEB APPLICATION MITIGATIONS 9


HTTP Request - HTTP Response - Rendering and Events - HTML Image Tags - Image Tag Security
Issue - JavaScript On Error - JavaScript Timing - Port Scanning - Remote Scripting - Running
Remote Code - Frame and Iframe - Browser Sandbox - Policy Goals - Same Origin Policy -
Library Import - Domain Relaxation.

UNIT-IV SECURE WEBSITE DESIGN 9


Secure website design: Architecture - Design Issues for Web Applications - Deployment
Considerations - Input Validation - Authentication - Authorization - Configuration Management
- Sensitive Data - Session Management - Cryptography - Parameter Manipulation - Exception
Management - Auditing and Logging - Design Guidelines - Forms and validity - Technical
implementation.

UNIT-V CUTTING EDGE WEB APPLICATION SECURITY 9


Clickjacking - DNS rebinding - Flash security - Java applet security - Single-sign-on solution
and security - IPv6 impact on web security.
TOTAL = 45 PERIODS
COURSE OUTCOMES:
Upon completion of the course, the students will be able to
• Identify the vulnerabilities in the web applications.
• Build and identify the various types of threats and mitigation measures of web
applications.
• Apply the security principles in developing a reliable web application.
• Implement industry standard tools for web application security.
• Apply penetration testing to improve the security of web applications.

TEXT BOOKS:
1. Andrew Hoffman, “Web Application Security: Exploitation and Countermeasures for Modern Web
Applications”, 2020.
2. Sullivan, Bryan, and Vincent Liu. Web Application Security, A Beginner’s Guide. McGraw Hill
Professional, 2012.
3. Mike Harwood, Ron Price, “Internet and Web Application Security”, 2020.

REFERENCE BOOKS:
1. Michal Zalewski, “The Tangled Web: A Guide to Securing Modern Web Applications”, 2012.
2. Stuttard, Dafydd, and Marcus Pinto. The Web Application Hacker’s Handbook: Finding and
Exploiting Security Flaws. John Wiley & Sons, 2011.
3. Brian Russell, “Beginners Guide to Web Application Security”, 2005.
