WEB SECURITY

Academic year
2024/2025 Syllabus of previous years
Official course title
WEB SECURITY
Course code
CM0628 (AF:513760 AR:286766)
Modality
On campus classes
ECTS credits
6
Degree level
Master's Degree Programme (DM270)
Educational sector code
INF/01
Period
2nd Semester
Course year
1
Where
VENEZIA
Moodle
Go to Moodle page
The course is a fundamental component of the Cybersecurity curriculum and aims to provide the fundamental concepts and techniques for developing secure web applications. The student will learn the main web vulnerabilities and the appropriate defenses to put into practice against possible attackers.
Students will achieve the following learning outcomes:

i) Knowledge and understanding: understanding of the functioning of the web platform, its security issues and the main defense techniques against related attacks.

ii) Ability to apply knowledge and understanding: ability to identify vulnerabilities within existing web applications and correct them using appropriate tools.

iii) Judgment: ability to identify the attack surface against web applications, understand the security implications and choose the appropriate tools to increase the level of protection.

iv) Communication skills: knowing how to clearly explain the nature of a vulnerability and the related mitigations.

v) Learning ability: knowing how to independently study new security problems, the related solutions and the tools needed to identify them.
It is required basic knowledge of programming (imperative programming and scripting), computer networks and cryptography.
Web security: client-side security, server-side security, secure communication, web protocols. Outline of selected research topics.
The following books are optional and recommended to students who want to get a more in-depth understanding:

W. Du - Internet Security: A Hands-on Approach (2019)
Sullivan & Liu - Web Application Security, A Beginner's Guide (2011)
Zalewski - The tangled Web: A Guide to Securing Modern Web Applications (2011)
Onofri, Onofri - Attacking and Exploiting Modern Web Applications (2023)
The exam consists of a written test based on questions and exercises that aims at verifying the knowledge of the different topics of the course. The course also includes a series of optional assignments aimed at deepening specific topics of the course, which integrate the mark of the written test and ask the students to face prominent practical problems. The written test verifies objective i) and is worth 30 points, while the assignments verify objective ii) and provides up to 3 extra points in addition to the mark of the written test. Objectives iii), (iv) and (v) are verified by both tests.
Theoretical lectures in class;
Online resources (lecture notes and slides);
Labs and assignments.
English
written
Definitive programme.
Last update of the programme: 28/06/2024