Valid for: 2014/15
Decided by: Education Board A
Date of Decision: 2014-04-07
Main field: Technology.
Compulsory for: C3
Elective for: BME4, D4-ks, E5
Language of instruction: The course will be given in Swedish
The course aims at giving the student knowledge about the security problems and solutions that relate to web based technology. Some areas will be addressed in more detail.
Knowledge and understanding
For a passing grade the student must
Competences and skills
For a passing grade the student must
Judgement and approach
For a passing grade the student must
During the course you have to be prepared to present and discuss your project.
Cryptology: Encryption, authentication and signing of messages
Web applications security: Security in PHP and MySQL, validation of user data with regular expressions, SQL-injections, cross site scripting, cross site request forgery, directory traversal, file inclusion, session attacks.
Server security: HTTP server, PHP and MySQL configuration.
Client Security: Javascript, cookie-security, same-origin policy, CORS.
Remote login: Basic and digest access authentication.
Email and Spam: Email security, spamming techniques, spam filters, email tracking, DKIM SPF, hashcash.
DNS Security: DNS configuration, Amplification attacks, DNS cache poisoning, DNS rebinding, DNSSEC
Grading scale: TH
Assessment: Written exam. Approved project is required to pass the course.
Required prior knowledge: EIT060 Computer Security, EDA011 or EDA016 Programming, First course.
The number of participants is limited to: No
Course coordinator: Dr. Martin Hell, martin.hell@eit.lth.se
Course homepage: http://www.eit.lth.se/course/eitf05
Further information: The course material will be in English.