Web Security – CSCI 631

CG • Section 8WK • 11/08/2019 to 04/16/2020 • Modified 07/28/2020

Course Description

This course deals with web security issues, such as SQL injection and cross-site scripting, along with how to defend and protect against such attacks.

Prerequisite

CSCI 601

Rationale

Web security is a subject with high visibility and importance. The stakes are high for all concerned: for businesses that derive increasing revenue from Internet commerce, for users who trust web applications with sensitive information, and for criminals who can make big money by stealing payment details or compromising bank accounts. This course addresses this critical subject by practically discussing common web vulnerabilities, secure web development practices and mitigation measures against those vulnerabilities, and how to conduct, analyze, and document web security audits.

Measurable Learning Outcomes

Upon successful completion of this course, the student will be able to:

  1. Understand the vulnerabilities present in web applications.
  2. Exploit vulnerabilities present in web applications.
  3. Use exploited vulnerabilities to penetrate a network’s defenses.
  4. Secure a large-scale web application including front and back end components.
  5. Integrate biblical principles within the field of computer security.

Course Assignment

After reading the Syllabus and Student Expectations, the student will complete the related checklist found in Module/Week 1.

The student is required to provide a thread in response to the provided prompt for each forum. Each thread must be 350 words in length and demonstrate course-related knowledge. In addition to the thread, the student is required to reply to two (2) other classmates’ threads. Each reply must be 250 words in length.

The student will complete five (5) labs associated with the course material. Each lab will have specific instructions for tasks, along with deliverables, to be completed in the virtual lab environment.

The student will perform research into a publicly announced breach that has occurred within the last three years. This breach is web or network related, resulting in the loss of privacy or data. The student will produce a report in current APA format of at least 750 words and must include at least two (2) references in addition to the course text and the Bible.

The student will perform a security assessment of a web site, as discussed in the lab environments, and create a report based upon the results of that assessment.

The student will then write a research-based paper in current APA format that focuses on the results from a web security assessment. A report template and further instructions are provided in the course. The paper must include at least three (3) references in addition to the course textbook and the Bible.

This project is a continuation of the Security Assessment Findings Project. In this paper, the student will discuss the recommended remediations and actions to address the vulnerabilities reported upon in the earlier paper. The student will write a research-based paper using the associated template with this assignment. The final deliverable for this project will be a paper in current APA format (including the previous test plan assignment with the new content in this paper, combining the paper from Module/Week 6 with the paper in this project). It must include at least three (3) additional references in addition to the three (3) references from the test plan assignment, course textbook and the Bible.

Each quiz will cover the Reading & Study material for the module(s)/week(s) in which it is assigned. Each quiz will be open-book/open-notes, contain multiple-choice, true/false, and short answer questions, and have a 60-minute time limit.

The Midterm Exam will cover the Reading & Study material for Modules/Weeks 1–4. The Midterm Exam will be open-book/open-notes, contain true/false, multiple choice, and short answer questions, and have a 1 hour and 30 minute time limit.