Web Application Security
This course is intended as an introduction to the vast and confusing world of web application security. We are still in the process of discovering this world, which is growing fast. In this course we will take several complementary perspectives. We will first use the framework of the Open Web Application Security Project (OWASP), the gold standard in web application security, to classify the major kinds of attacks and discuss how they are addressed. We will try to make sense of the fact that the threat represented by those attacks is increasing, not decreasing.
Browsers are targets for attack in a variety of ways: they are a conduit for attacks against the computer they run on, and they can be hijacked and manipulated by attackers to abuse users. Browsers play an important role in protecting users, but they do not provide adequate protection against many attacks, despite the fact that those attacks take place through them. How to improve the security of browsers is work in progress, with a lot of progress still to be made.
We examine the process of innovation to see what prevents a culture of security from developing.
- Lecture 1: Introduction
- Lecture 2: OWASP Top Ten
- Lecture 3: XSS (1): Introduction to Cross Site Scripting
- Lecture 4: XSS (2): How to Avoid XSS?
- Lecture 5: Cross Site Request Forgery (CSRF)
- Lecture 6: SQL Injection (1): Intro
- Lecture 7: SQL Injection (2): More Advanced
- Lecture 8: Browser Security (1): How Do Browsers Enter the Security Equation?
- Lecture 9: Browser Security (2): Why Are Attacks Like Man in the Browser Possible?
- Lecture 10: Browser Security (3): What Difference Do Browsers Make, and What Could They Make?
- Lecture 11: OWASP Top Ten Other Than Injection, XSS and CSRF
- Lecture 12: AJAX, Web 2.0, and Web Application Security
- Lecture 13: Defense: Security Tools for Web Applications
- Lecture 14: Mobile Devices and the Cloud
- Lecture 15: Looking for the Origins of Web Application Security Problems
- Lecture 16: Web Application Innovation