This course reviews the basic knowledge of the World Wide Web, and then examines advances in the central defense concepts behind Web security, such as same-origin policy, cross-origin resource sharing, and browser sandboxing. Concurrently, we will also explore the most popular Web vulnerabilities, such as cross-site scripting (XSS) and SQL injection, as well as how to attack and penetrate software with such vulnerabilities. You will learn how to detect, respond to, and recover from security incidents. Newly proposed research techniques will be investigated, with students demonstrating their understanding through discussions and peer-evaluated exercises.
EN.695.622 Web Security or similar previous exposure.