Course syllabus

Avancerad webbsäkerhet
Advanced Web Security

EITN40, 4 credits, A (Second Cycle)

Valid for: 2012/13
Decided by: Education Board 1
Date of Decision: 2012-03-19

General Information

Elective for: C4, C4-ks, C4-da, D4, D4-ks
Language of instruction: The course will be given in Swedish

Aim

The course aims to deepen the student’s knowledge of the security problems and solutions that relate to web-based technology. Some areas requiring the use of cryptographic primitives will be addressed in detail. Knowledge of these will also give the student tools to understand related areas.

Learning outcomes

Knowledge and understanding
For a passing grade the student must

Competences and skills
For a passing grade the student must

Judgement and approach
For a passing grade the student must

Contents

Data representations: CMS, ASN.1, BER, CER and DER encoding

Web Services Security: SOAP, REST, SAML, XML Signature and encryption

PKI: CRL, OCSP, RA, CA, and signing procedures

Anonymity: Anonymity solutions, Chaum mixes, Tor

E-voting: E-voting protocols

E-commerce: Electronic payment, online auctions, Bitcoin, micropayments

Authentication: OAuth, OpenID, CAPTCHA

Web server security: ModSecurity

Examination details

Grading scale: TH
Assessment: Home assignments, which are graded, give grade 3 or 4. If grade 4 is achieved on the home assignments, grade 5 can be obtained after a successful oral exam. An approved laboratory assignment is required for passing the course.

Admission

Required prior knowledge: EIT060 Computer Security, EITF05 Web Security
The number of participants is limited to: No

Reading list

Contact and other information

Course coordinator: Dr. Martin Hell, martin.hell@eit.lth.se
Further information: The course material will be in English.