After the course, students can:
- explain what the standard security problems and possible privacy problems in web-applications are (such as SQL-injection, XSS, CSRF, leaking of various kinds of personal data, etc.) and how these work;
- explain which countermeasures there are against these weaknesses, explain how these work, and apply some of these;
- find and exploit such weaknesses in simple web-applications.
The web is built using a set of extremely successful set of technologies, including HTTP and HTML5, that enable not only all interaction with websites using a browser, but also much of the functionality of apps on mobile phones and tablets, and increasingly also of apps on desktops and laptops. These technologies not only bring a lot of convenient functionality, but also come with security and privacy risks, which is that this course is about. It covers standard types of security and privacy vulnerabilities, how they can be exploited, what the underlying root causes are, and what can be done to prevent them, detect them, or mitigate their impact.
|Databases (IPC024) and Security (IPC021)|
|Mandatory project work and written exam|