Application Security (5 cr)

Code: 3011640-3001

General information


Enrollment
02.12.2020 - 18.01.2021
Registration for the implementation has ended.
Timing
11.01.2021 - 23.04.2021
Implementation has ended.
Number of ECTS credits allocated
5 cr
Local portion
5 cr
Mode of delivery
Contact learning
Unit
Engineering and Business
Campus
Kupittaa Campus
Teaching languages
Finnish
Teachers
Tuomo Helo
Jani Vanharanta
Course
3011640

Evaluation scale

H-5

Content scheduling

- We will concentrate on the information security of web applications:
  - Security threats
  - Vulnerabilities
  - Attacks
  - Security principles
  - Defense
  - Laws and ethics
  - Testing
- Working with WebGoat 8.1
- Useful standards, communities, tools and other resources
- Teamwork

Objective

After completing the course the student is able to:
- Understand common application security threats, vulnerabilities, and attacks
- Evaluate the technical and business impacts of different kinds of attacks
- Describe the security principles for developing high security web applications
- Participate in high security web application development projects
- Use security testing tools
- Analyse and report the results from security testing
- Give justified improvement proposals to mitigate security vulnerabilities

Content

- Network discovery, port and service identification
- Vulnerability scanning and penetration testing
- Web application security threats, vulnerabilities, and attacks
- The impacts of security breaches
- Web application security principles
- Implementing a secure web application
- Web application security organizations

Materials

The course book:

Andrew Hoffman
Web Application Security: Exploitation and Countermeasures for Modern Web Applications
Mar 17, 2020

Please note that you can read the book for free in our eBook Central database.

Selected lessons from the WebGoat 8.1 application.

OWASP Top 10 (https://owasp.org/www-project-top-ten/)

Evaluation methods and criteria

The evaluation is based on 1) book exercises, 2) practical exercises, and 3) teamwork.

Grading scale:
- 6 book exercises. Each exercise is worth at least 10 points. The grade impact: at least 20 points -> 0.33 grade units; at least 35 points -> 1.0 grade unit; at least 50 points -> 1.5 grade units.
- 6 WebGoat and other practical exercises. Each exercise is worth at least 10 points. The grade impact: at least 20 points -> 0.33 grade units; at least 35 points -> 1.0 grade unit; at least 50 points -> 1.5 grade units.
- You must get at least 0.33 units from both of the above parts.
- Teamwork is obligatory. It is worth 0.0 to 2.0 grade units. You must get at least 0.34 grade units from the teamwork.
- A small test is arranged before the winter holiday. Its purpose is to make certain that the student knows the legal issues related to information security and is committed to working according to the law. The test must be passed to pass the course.