
Information Assurance Design
CIS 529: Web Design and Development

Overview:
Suggested Time: 2 class periods
Course Length: 3 hours
Prerequisite: None
Target Audience (Levels by Disciplines)
| Level         | CS | CIS |
| Undergraduate | x  | x   |
| Graduate      |    |     |
Description: This course briefly introduces students to various web-based attacks and defenses. It discusses the vulnerabilities that arise in web technologies such as HTML and Java application servers and the countermeasures available for each. It also surveys various web-hacking tools along with their countermeasures.
Objective(s): The primary purpose of this course is to:

Goals/Outcome: The students will be able to:
· Understand the concept of web security: what it is and why it is important.
· Identify the key areas of security in particular web development languages.
· Understand application servers, their loopholes and countermeasures.
· Learn about various web hacking tools.
· Identify and understand SQL attacks and HTML and URL vulnerabilities.
· Gain a brief understanding of assembly language through buffer overflows.

Outline:
· HTML
  Ø Information leakage through HTML
  Ø Clues to look for
    o HTML comments
    o Internal/external hyperlinks
    o Hidden fields
    o Client-side scripts
· URL
  Ø URL structure
  Ø URL parameter passing
  Ø URL encoding
  Ø Abusing URL encoding
· Application servers
  Ø Architecture of Java application servers
  Ø Attacking a Java web server
  Ø Identifying loopholes in Java applications
  Ø Countermeasures
· Web hacking tools
  Ø Achilles
  Ø Cookie Pal
  Ø Whisker
  Ø Brutus
· Buffer overflows
  Ø Introduction to assembly language
  Ø Disassembly
  Ø Blind stress testing
· Database access
  Ø Direct SQL attacks
  Ø Input validation
  Ø Countermeasures
    o Patches
    o Firewalls
    o Stored procedure removal and input sanitization

Suggested Assignments:

References:
· Web Hacking: Attacks and Defense, Stuart McClure, Saumil Shah and Shreeraj Shah (Addison-Wesley, 2002)
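The HTML module of the outline lists four clues to look for when hunting for information leakage: comments, internal/external hyperlinks, hidden fields and client-side scripts. The scanner below, an added example that is not part of the course material or the textbook, pulls exactly those four out of a page with Python's standard HTML parser. The sample page, the host name www.example.com and every path and string in it are constructed for illustration.

```python
# Added example (not part of the course text): a scanner for the HTML
# information-leakage clues listed in the outline: comments, hidden fields,
# internal/external hyperlinks and client-side scripts.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; the hosts, paths and values in it are invented.
SAMPLE_PAGE = """<html><head>
<!-- TODO remove before go-live: staging DB is db-staging.internal, user webapp -->
<script src="/js/app.js"></script>
<script>var debug = true; var adminPath = "/admin/console";</script>
</head><body>
<a href="/products">Products</a>
<a href="http://partner.example.net/feed">Partner feed</a>
<form action="/checkout" method="post">
  <input type="hidden" name="price" value="9.99">
  <input type="hidden" name="is_admin" value="0">
  <input type="text" name="qty">
  <input type="submit" value="Buy">
</form>
</body></html>"""


class LeakScanner(HTMLParser):
    """Collects the four kinds of clue while the page is parsed."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.comments = []
        self.hidden_fields = []
        self.internal_links = []
        self.external_links = []
        self.scripts = []          # ("src", url) or ("inline", code)
        self._in_script = False

    def handle_comment(self, data):
        # Developer comments often name hosts, accounts or unfinished features.
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            # Hidden fields are client-controlled: anything the server trusts
            # here (a price, a role flag) can be tampered with before submit.
            self.hidden_fields.append((a.get("name"), a.get("value")))
        elif tag == "a" and a.get("href"):
            host = urlparse(a["href"]).netloc.lower()
            if host and host != self.site_host:
                self.external_links.append(a["href"])
            else:
                self.internal_links.append(a["href"])
        elif tag == "script":
            self._in_script = True
            if a.get("src"):
                self.scripts.append(("src", a["src"]))

    def handle_data(self, data):
        # The parser hands script bodies to handle_data; keep the inline code.
        if self._in_script and data.strip():
            self.scripts.append(("inline", data.strip()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def scan(html, site_host):
    """Return the clues found in `html` for a site served from `site_host`."""
    p = LeakScanner(site_host)
    p.feed(html)
    p.close()
    return {
        "comments": p.comments,
        "hidden_fields": p.hidden_fields,
        "internal_links": p.internal_links,
        "external_links": p.external_links,
        "scripts": p.scripts,
    }


if __name__ == "__main__":
    for kind, items in scan(SAMPLE_PAGE, "www.example.com").items():
        print(kind)
        for item in items:
            print("   ", item)
```

Run against the sample page it reports the staging host named in the comment, the two hidden fields (a price and a role flag the server should never trust), the one external link and the inline script that reveals an admin path; each of these is a starting point for the later modules (parameter tampering, URL abuse, attacking the application server).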
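The URL module ends with "abusing URL encoding". The following added example, not taken from the course or the textbook, shows the standard form of that abuse: a blocklist that inspects the raw request path is bypassed with percent-encoded or double-encoded bytes, while a layer further down decodes them and sees the forbidden characters. It then shows the fix, canonicalising before checking, and the stronger positive check that resolves the path and keeps only results under the document root. The request paths, the web root /var/www/html and the blocklist entries are assumptions made for the demonstration.

```python
# Added example (not part of the course text): how percent-encoding defeats a
# blocklist that inspects the raw URL, and how canonicalising first closes it.
import posixpath
from urllib.parse import unquote

BLOCKLIST = ("../", "<script")
WEB_ROOT = "/var/www/html"          # assumed document root


def naive_filter_allows(raw_path):
    """Checks the URL exactly as received: the weakness the module warns about."""
    low = raw_path.lower()
    return not any(bad in low for bad in BLOCKLIST)


def app_resolves(raw_path):
    """Models a front end that decodes once and hands the path to an
    application that decodes again, so double-encoded bytes reach the file
    system as plain characters."""
    return unquote(unquote(raw_path))


def canonical_decode(raw, max_rounds=4):
    """Percent-decode until the string stops changing.  Returns None when it
    is still changing after `max_rounds`, which no legitimate URL does."""
    cur = raw
    for _ in range(max_rounds):
        nxt = unquote(cur)
        if nxt == cur:
            return cur
        cur = nxt
    return None


def canonical_filter_allows(raw_path):
    """Same blocklist, applied only after canonicalisation."""
    decoded = canonical_decode(raw_path)
    if decoded is None:
        return False
    low = decoded.lower()
    return not any(bad in low for bad in BLOCKLIST)


def resolve_under_root(raw_path, root=WEB_ROOT):
    """Positive check: decode, normalise, and keep only paths that stay
    under `root`.  Returns the filesystem path or None."""
    decoded = canonical_decode(raw_path)
    if decoded is None:
        return None
    path_only = decoded.split("?", 1)[0]
    target = posixpath.normpath(posixpath.join(root, path_only.lstrip("/")))
    if target != root and not target.startswith(root + "/"):
        return None
    return target


if __name__ == "__main__":
    # Constructed request paths: plain, single-encoded, double-encoded, benign.
    for p in ("/../../etc/passwd",
              "/%2e%2e/%2e%2e/etc/passwd",
              "/%252e%252e/%252e%252e/etc/passwd",
              "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
              "/images/logo.png"):
        print(f"{p:45} naive={naive_filter_allows(p)!s:5} "
              f"canonical={canonical_filter_allows(p)!s:5} "
              f"resolves={resolve_under_root(p)}")
```

The naive filter stops only the literal "../"; the single-encoded and double-encoded variants pass it, and app_resolves shows what the last decoding layer actually sees. The canonical filter rejects all three, but the blocklist is still a guess at what is dangerous; resolve_under_root is the check to prefer because it decides on the resolved path rather than on the text of the request.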
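The database access module covers direct SQL attacks, input validation and input sanitization as countermeasures. The added example below, written for this page and not taken from the course or the textbook, puts a deliberately vulnerable login query beside a parameterised one and runs the same attack strings through both, using an in-memory SQLite database. The table, the two user rows, the credentials and the attack payloads are all constructed for the demonstration.

```python
# Added example (not part of the course text): a direct SQL attack against a
# login query built by string concatenation, and the countermeasures the
# module lists: input validation and a parameterised (sanitised) query.
# Uses an in-memory SQLite database with constructed rows.
import re
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (
            id       INTEGER PRIMARY KEY,
            username TEXT NOT NULL,
            password TEXT NOT NULL,
            role     TEXT NOT NULL
        );
        INSERT INTO users (username, password, role) VALUES
            ('alice', 's3cret',  'admin'),
            ('bob',   'hunter2', 'user');
    """)
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: user input is pasted into the SQL text, so a
    quote or comment marker in the input changes the meaning of the query."""
    sql = ("SELECT username, role FROM users "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterised query: the driver passes the values separately from the
    SQL text, so a quote in the input is only ever data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def valid_username(username):
    """Allowlist validation at the input boundary: defence in depth, not a
    substitute for parameterisation."""
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "alice' --"          # closes the string, comments out the rest
    print("vulnerable:", login_vulnerable(conn, payload, "wrong"))
    print("safe:      ", login_safe(conn, payload, "wrong"))
    print("validated: ", valid_username(payload))
```

With the username alice' -- and any password, the concatenated query becomes WHERE username = 'alice' --' AND password = 'wrong', the password check is commented away and the admin row comes back; the classic ' OR '1'='1 returns every row. The parameterised version returns nothing for either payload and still authenticates the real credentials. The regular expression rejects both payloads before they reach the database, which is the input-validation layer the outline lists alongside sanitization, not a replacement for it.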