Syllabus academic year 2009/2010
(Created 2009-08-11.)
WEB SECURITY EITF05

Higher education credits: 4. Grading scale: TH. Level: G2 (First level). Language of instruction: The course will be given in Swedish. Compulsory for: C3. Optional for: D4, E4. Course coordinator: Dr. Martin Hell, Martin.Hell@eit.lth.se, Inst för elektro- och informationsteknik. Recommended prerequisites: EIT060 Computer Security, EDA011 or EDA016 Programming, First course. Assessment: Written exam. Approved projects are also required to pass the course. Further information: The course material will be in English. Home page: http://www.eit.lth.se/course/eitf05.

Aim
The course aims at giving the student knowledge about the security problems and solutions that relate to web based services. Some areas will be addressed in more detail.

Knowledge and understanding
For a passing grade the student must

Skills and abilities
For a passing grade the student must

Judgement and approach
For a passing grade the student must

During the course you have to be prepared to present and discuss your projects.

Contents
Cryptology: Encryption, authentication and signing of messages.

Implementation: Security in PHP and MySQL, validation of user data, SQL-injections, cross site scripting, cross site request forgery.

Client Security: JavaScript, cookie security, ActiveX.

Remote login: How to distinguish humans from computers using CAPTCHA. Security in remote login.

Email and Spam: Email security, spamming techniques, spam filters, email tracking.

Anonymity: Anonymity solutions, Chaum Mixes, Tor.

Literature
Lecture notes.