This course examines issues associated with making web applications secure. The principal focus is on server-side security such as CGIsecurity, proper server configuration, and firewalls. The course also investigates the protection of connections between a client and server using current encryption protocols (e.g., SSL/TLS) as well discussing the related attacks on these protocols (e.g., Heartbleed, CRIME, etc.). The course also investigates keeping certain data private from the server system (e.g., via third-party transaction protocols like SET, or PCI DSS standard). Elementary Number Theory will be reviewed. Finally, the course explores client-side vulnerabilities associated with browsing the web, such as system penetration, information breach, identity theft, and denial-of-service attacks. Related topics such as malicious e-mails, web bugs, spyware,and software security are also discussed. Labs and various server-side demonstrations enable students to probe more deeply into security issues and to develop and test potential solutions. Basic knowledge of operating systems is recommended. Students will download and install a Virtual Machine to be used in the course.
605.412 Operating Systems or basic knowledge of Operating Systems is recommended.