Academic Catalog

CSEC505 WEB APPLICATION SECURITY

Course Code: 9100505
METU Credit (Theoretical-Laboratory hours/week): 3(0-0)
ECTS Credit: 8.0
Department: Cyber Security
Language of Instruction: English
Level of Study: Graduate
Course Coordinator:
Offered Semester: Fall Semesters.

Course Content

Introduction to web application security: web application insecurity, core defense mechanisms, web application technologies. Mapping the application and bypassing client-side controls. Attacking authentication. Attacking session management and access controls. Attacking data stores: SQL, NoSQL, XPath and LDAP injection. Attacking back-end components: OS command, XML, HTTP and SMTP injection. Attacking application logic. Attacking users: cross-site scripting and other techniques. Automating customized attacks and exploiting information disclosure. Attacking application architecture and application server. Web application security testing tools: setting up a virtual lab and toolset. Live web application security assessment.