
Web Security (CAT-309) - Unit 1 Lecture 1

The document provides information about the Web Security course for Bachelor of Computer Application students. It includes 3 key points: 1) The course introduces students to securing web applications and the necessity of security as websites widely use and process data. It covers authentication techniques, injection attacks, and mitigating risks. 2) The syllabus is divided into 3 units that address web application basics, different types of injection attacks and vulnerabilities, and user attacks and code analysis approaches. 3) The course outcomes are that students will understand the need to secure web applications, learn about common risks, and how to take steps to mitigate those risks.

UNIVERSITY INSTITUTE OF COMPUTING
Bachelor of Computer Application
Subject Name: Web Security
Code: CAT-309

Web Application
DISCOVER . LEARN . EMPOWER


SCHEME
Bachelor of Computer Applications Semester – V (2018-21)

Subject Code   Title                       L   T   P   Credits
CA*-301        Specialisation - I          3   -   -   3
CAT-302        Computer Graphics           3   -   -   3
CAT-309        Web Security                3   -   -   3
CAT-310        Business Intelligence       3   -   -   3
CAP-306        Computer Graphics Lab       -   -   4   2
CA*-307        Specialisation – I Lab      -   -   4   2
CAR-308        Minor Project               -   -   -   2
CAY-309        Industrial Training         -   -   -   3*
CAY-311        Data Interpretations Lab    -   -   4   0
Total 18 2
SCHEME
WEB SECURITY (CAT-309)
L T P C: 3 - - 3
Total Contact Hours: 45
Applicable to which branch: BCA
Prerequisite: Basic knowledge of web applications
Marks: Internal: 40, External: 60
Course Objective
Students will apply the concepts learned in this course to the development of client-server
applications that are Internet and/or World Wide Web based.
Unit Course Outcome
1 Students will learn the necessity for securing web applications
2 Students will know different risks to web applications
3 Students will learn how to take the steps required to mitigate those risks
Syllabus
Unit-I
Web Application Basics: Introduction, HTTP Protocol, Web Functionality,
Encoding Schemes, Enumerating Content and Functionality, Analysing the
Application, Authentication Security: Authentication Techniques, Design Flaws in
Authentication, Implementation Flaws in Authentication, Securing Authentication,
Path Traversal Attacks.
Unit-II
Injection Attacks: Injecting into Interpreted Contexts, SQL Injection, NoSQL
Injection, XPath Injection, LDAP Injection, XML Injection, Http Injection, Mail
Service Injection, Cross Site Scripting (XSS): Types of XSS, XSS in Real
World, Finding and Exploiting XSS Vulnerabilities, Preventing XSS Attacks

Unit-III
User Attacks: Inducing User Actions, Capturing Cross-Domain Data, Client-
Side Injection Attacks, Local Privacy Attacks, ActiveX Control attacks, Browser
Attacks, Source Code Analysis: Approaches to Code Review, Signatures of
Common Vulnerabilities, Analysis of Java platform, Analysis of ASP.NET
platform, Analysis of PHP, Analysis of Perl, Analysis of JavaScript, Analysis of
SQL

Web Applications Basics
Course Outcome

CO Number   Title                                                                         Level
CO1         Students will learn the necessity for securing web applications              Understand
CO2         Students will know different risks to web applications                       Understand
CO3         Students will learn how to take the steps required to mitigate those risks   Understand

Web Application Basics: Introduction, HTTP Protocol, Web Functionality,
Encoding Schemes, Enumerating Content and Functionality, Analysing the
Application, Authentication Security: Authentication Techniques, Design Flaws in
Authentication, Implementation Flaws in Authentication, Securing Authentication,
Path Traversal Attacks.

Introduction to Web Security

Web security is also known as “Cyber security”. It basically means
protecting a website or web application by detecting, preventing and
responding to cyber threats.

Fig 1- Web Security [1]


Introduction to Web Security continued..
Need Of Security:
Security is required because of the widespread use of data processing equipment.
The security of information felt to be valuable to an organization was provided
primarily by physical and administrative means.

Fig 2- Need Of Security [2]


References
Reference Books
• The Web Application Hacker’s Handbook, Dafydd Stuttard, Wiley India Pvt. Ltd.
• Web Security, Oscar Merida, php[architect].
• Web Security, Privacy and Commerce, Simson Garfinkel, O’Reilly.
Reference websites:
1. https://www.goodfirms.co/glossary/web-security/
2. https://miro.medium.com/max/1600/0*ZnNHGO20RCbUGatL.gif

THANK YOU

For queries
Email: [email protected]
