Course syllabus

Web Security

EITF05, 4 credits, G2 (First Cycle)

Valid for: 2017/18
Decided by: PLED C/D
Date of Decision: 2017-04-03

General Information

Main field: Technology.
Compulsory for: C3
Elective for: BME5, D4-ks, E5
Language of instruction: The course will be given in Swedish


The course aims to give the student knowledge about the security problems and solutions that relate to web-based technology. Some areas will be addressed in more detail.

Learning outcomes

Knowledge and understanding
For a passing grade the student must

Competences and skills
For a passing grade the student must

Judgement and approach
For a passing grade the student must

During the course you have to be prepared to present and discuss your project.


Cryptology: Encryption, authentication and signing of messages.

Web application security: Security in PHP and MySQL, validation of user data with regular expressions, SQL injection, cross-site scripting, cross-site request forgery, directory traversal, file inclusion, session attacks, HTTP response splitting.

Server security: HTTP server, PHP and MySQL configuration.

Client security: JavaScript, cookie security, same-origin policy, CORS.

Remote login: Basic and digest access authentication.

Email and spam: Email security, spamming techniques, spam filters, email tracking, DKIM, SPF, DMARC, hashcash.

DNS security: DNS configuration, amplification attacks, DNS cache poisoning, DNS rebinding, DNSSEC.

The course also includes a project. The result will be summarized in a technical report and also presented at a seminar.

Examination details

Grading scale: TH - (U,3,4,5) - (Fail, Three, Four, Five)
Assessment: An approved project and a mandatory online exam are required to pass the course with grade 3. An additional written exam is required for grade 4 or 5.

The examiner, in consultation with Disability Support Services, may deviate from the regular form of examination in order to provide a permanently disabled student with a form of examination equivalent to that of a student without a disability.

Code: 0116. Name: Project.
Credits: 0. Grading scale: UG.
Code: 0216. Name: Examination.
Credits: 4. Grading scale: TH.


Required prior knowledge: EIT060 Computer Security, EDA011, EDA016 or EDA017 Programming, First course. The student should be able to set up a database and execute simple SQL queries.
The number of participants is limited to: No

Reading list

Contact and other information

Course coordinator: Paul Stankovski,
Course homepage:
Further information: The course is given in Swedish, but some parts of the course may be given in English. All course material is in English.