Syllabus academic year 2010/2011
(Created 2010-07-25.)
WEB SECURITYEITF05
Credits: 4. Grading scale: TH. Cycle: G2 (First Cycle). Main field: Technology. Language of instruction: The course will be given in Swedish. Compulsory for: C3. Optional for: D4, D4ks. Course coordinator: Dr. Martin Hell, Martin.Hell@eit.lth.se, Electrical and Information Technology. Recommended prerequisits: EIT060 Computer Security, EDA011 or EDA016 Programming, First course. Assessment: Written exam. Approved projects are also required to pass the course. Further information: The course material will be in English. Home page: http://www.eit.lth.se/course/eitf05.

Aim
The course aims at giving the student knowledge about the security problems and solutions that relate to web based services. Some areas will be addressed in more detail.

Knowledge and understanding
For a passing grade the student must

Skills and abilities
For a passing grade the student must

Judgement and approach
For a passing grade the student must

During the course you have to be prepared to present and discuss your projects.

Contents
Cryptology: Encryption, authentication och signing of messages

Implementation: Security in PHP and MySQL, validation of user data, SQL-injections, cross site scripting, cross site request forgery.

Client Security: Javascript, cookie-security, ActiveX.

Remote login: How to distinguish humans from computers using CAPTCHA. Security in remote login.

Email and Spam: Email security, spamming techniques, spam filters, email tracking.

Anonymity: Anonymity solutions, Chaum Mixes, Tor

Literature
Lecture notes.