Web Application Security (2018)

From CyberEdWiki

The intent of the Web Application Security Knowledge Unit is to provide students with an understanding of the technology, tools, and practices associated with web applications.


To complete this KU, students should be able to:

  1. Examine concepts of web application technologies and security issues associated with them.
  2. Describe approaches used in the development and deployment of secure web applications.
  3. Explain how web applications are operated in a secure manner.


  1. Web Application Technologies
    1. The HTTP Protocol
    2. Encoding Schemes
    3. Web Application Architectures
    4. AJAX
    5. XML and JSON
  2. Server-Side Controls
  3. Authentication
  4. Session Management
  5. Access Controls
  6. Client-Side Controls
  7. Input-Based Vulnerabilities
    1. SQL Injection
    2. Blind SQL Injection
    3. Cross-Site Scripting
    4. Cross-Site Request Forgery
  8. Function-Specific Input Vulnerabilities
  9. Attacking Application Logic
  10. Recent Attack Trends
  11. Shared Hosting Vulnerabilities
  12. Application Server Vulnerabilities


Specialization Areas

See also


Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials


Reference ID