Web Application Security

Teaching goals

The goal of this course is to understand security basics of web applications using Java/EE technologies,  allowing students to perform source code audits or secured programmation.

Course description

  • HTTP Overview
  • Java/EE Basics
  • Sensitive data handling
  • Authentication and access control
  • Handling interface : XSS
  • Handling browsing : CSRF
  • Handling file system : File-related vulnerabilities
  • Handling databases : SQL injection


Webapps, OWASP, vulnerabilites, XSS, CSRF, SQL injection, File Upload, File Inclusion, Java/EE.


Basics in Java language.


  • A Survey on Cross-Site Scripting Attacks, by Joaquin Garcia-Alfaro and Guillermo Navarro-Arribas, 2009
  • Survey on Cross Site Request Forgery (An Overview of CSRF), by Sentamilselvan K, 2013
  • Review of SQL Injection : Problems and Prevention, by Mohd Amin Bin Mohd Yunus, Muhammad Zainulariff Brohan, Nazri Mohd Nawi, Ely Salwana Mat Surin, Nurhakimah Azwani Md Najib and Chan Wei Liang, 2018
  • Enterprise Java Security: Building Secure J2EE Applications, by Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin, 2004


Yves Duchesne is a former student of ISTIC and got his diploma in Information Security in 2008. In the meantime, he has been a developer on security-oriented web applications, and an IT security auditor for a local company, where he mainly performed penetration testings and source code audits. He founded ACCEIS in 2015, an IT security expertise company offering services in audit, consulting and trainings. It also has an agreement from ANSSI to perform security evaluations (ITSEC).

This site uses cookies to improve your user experience and to achieve audience statistics.
I acceptI refuseKnow more