CSEC4330 | WEB SECURITY

Web programming security aspects, web browser design flaws, web vulnerability exploitation, risks on the Internet and web privacy. Injection flaws: cross-site scripting, SQL injection, OS command injection, invalid URL redirection flaw, broken authentication and session management, hard-coded credentials in code, file upload vulnerability, HTTP header injection. Authentication flaws, request authorization flaws, cookie flaws, server misconfiguration. User web privacy, including sensitive data exposure, information leakage, network attacks and HTTPS, origin policy, web attacker model, browser and device fingerprinting, user tracking, browser caching flaws.
(3 lectures)

Prerequisite: 
COMP334 | WEB APPLICATION AND TECHNOLOGY
COMP3340 | WEB APPLICATION AND TECHNOLOGY