WEB SECURITY

Academic year
2024/2025
Official course title
WEB SECURITY
Course code
CM0628 (AF:513716 AR:286766)
Modality
On campus classes
ECTS credits
6
Degree level
Master's Degree Programme (DM270)
Educational sector code
INF/01
Period
2nd Semester
Course year
1
Where
VENEZIA
The course is a fundamental component of the Cybersecurity curriculum and aims to provide the fundamental concepts and techniques for developing secure web applications. The student will learn the main web vulnerabilities and the appropriate defenses to put into practice against possible attackers.
Students will achieve the following learning outcomes:

i) Knowledge and understanding: understanding of the functioning of the web platform, its security issues and the main defense techniques against related attacks.

ii) Ability to apply knowledge and understanding: ability to identify vulnerabilities within existing web applications and correct them using appropriate tools.

iii) Judgment: ability to identify the attack surface against web applications, understand the security implications and choose the appropriate tools to increase the level of protection.

iv) Communication skills: knowing how to clearly explain the nature of a vulnerability and the related mitigations.

v) Learning ability: knowing how to independently study new security problems, the related solutions and the tools needed to identify them.
Basic knowledge of programming (imperative programming and scripting), computer networks and cryptography is required.
Web security: client-side security, server-side security, secure communication, web protocols. Outline of selected research topics.
The following books are optional, but recommended to students who want to have solid foundations and get a more in-depth understanding:

D. Stuttard, M. Pinto - The Web Application Hacker's Handbook (2011)
M. McDonald - Grokking Web Application Security (2024)
The exam consists of a written test based on questions and exercises that aims at verifying the knowledge of the different topics of the course. The course also includes a series of optional assignments aimed at deepening specific topics of the course, which integrate the mark of the written test and ask the students to tackle relevant practical problems. The written test verifies objective i) and is worth 30 points, while the assignments verify objective ii) and provide up to 3 extra points in addition to the mark of the written test. Objectives iii), iv) and v) are verified by both tests. In particular, the student will be assessed based on the following criteria:

i) Knowledge and understanding: the student must demonstrate familiarity with the main attack and defense techniques related to the web platform.

ii) Ability to apply knowledge and understanding: the student must demonstrate the ability to identify new security vulnerabilities in web applications and propose appropriate solutions.

iii) Judgment skills: The student must demonstrate the ability to analyze the main security issues of a web application and design secure web applications.

iv) Communication skills: The student must demonstrate familiarity with technical language and clarity in presenting attacks and defenses.

v) Learning ability: The student must demonstrate the capacity to tackle new case studies beyond those covered in class.

Regarding the indicated criteria, scores in the range of 18-22 indicate sufficient but limited skills, scores in the range of 23-26 indicate fair to more than fair skills, and scores in the range of 27-30 indicate good to excellent skills.
written
Theoretical lectures in class;
Online resources (lecture notes and slides);
Labs and assignments.
English
Definitive programme.
Last update of the programme: 10/02/2025