CSEC505 WEB APPLICATION SECURITY
METU Credit (Theoretical-Laboratory hours/week): 3(0-0)
Language of Instruction: English
Level of Study: Graduate
Offered Semester: Fall Semesters.
Course Content
Introduction to web application security: web application insecurity, core defense mechanisms, web application technologies. Mapping the application and bypassing client-side controls. Attacking authentication. Attacking session management and access controls. Attacking data stores: SQL, NoSQL, XPath and LDAP injection. Attacking back-end components: OS command, XML, HTTP and SMTP injection. Attacking application logic. Attacking users: cross-site scripting and other client-side techniques. Automating customized attacks and exploiting information disclosure. Attacking application architecture and the application server. Web application security testing tools: setting up a virtual lab and toolset. Live web application security assessment.