This course examines issues associated with making web applications secure. The principal focus is on server-side security such as CGIsecurity, proper server configuration, and firewalls. The course also investigates the protection of connections between a client and server using current encryption protocols (e.g., SSL/TLS) as well discussing the related attacks on these protocols (e.g., Heartbleed, CRIME, etc.). The course also investigates keeping certain data private from the server system (e.g., via third-party transaction protocols like SET, or PCI DSS standard). Elementary Number Theory will be reviewed. Finally, the course explores client-side vulnerabilities associated with browsing the web, such as system penetration, information breach, identity theft, and denial-of-service attacks. Related topics such as malicious e-mails, web bugs, spyware,and software security are also discussed. Labs and various serverside demonstrations enable students to probe more deeply into security issues and to develop and test potential solutions. Basic knowledge of operating systems is recommended. Students will download and install a Virtual Machine to be used in the course. Prerequisite(s): 605.202 Data Structures; 605.612 Operating Systems or basic knowledge of operating systems is recommended.
EN.605.612[C] OR EN.605.412[C]