Web Application Security (2018)

From CyberEdWiki

The intent of the Web Application Security Knowledge Unit is to provide students with an understanding of technology, tools, and practices associated with web applications.

Outcomes

To complete this KU, students should be able to:

  1. Examine concepts of web application technologies and security issues associated with them.
  2. Describe approaches used in the development and deployment of secure web applications.
  3. Explain how web applications are operated in a secure manner.

Topics

  1. Web Application Technologies
    1. The HTTP Protocol
    2. Encoding Schemes
    3. Web Application Architectures
    4. AJAX
    5. XML and JSON
  2. Server-Side Controls
  3. Authentication
  4. Session Management
  5. Access Controls
  6. Client-Side Controls
  7. Input-Based Vulnerabilities
    1. SQL Injection
    2. Blind SQL Injection
    3. Cross-Site Scripting
    4. Cross-Site Request Forgery
  8. Function-Specific Input Vulnerabilities
  9. Attacking Application Logic
  10. Recent Attack Trends
  11. Shared Hosting Vulnerabilities
  12. Application Server Vulnerabilities

Categories

Specialization Areas

See also

none

Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials

Contacts

Reference ID

WAS