Web Application Security

Learning objectives

The goal of this course is to understand the security basics of web applications built with Java/EE technologies, so that students can perform source code audits or practise secure programming.

Course description

  • HTTP Overview
  • Java/EE Basics
  • Sensitive data handling
  • Authentication and access control
  • Handling the interface: XSS
  • Handling browsing: CSRF
  • Handling the file system: file-related vulnerabilities
  • Handling databases: SQL injection

Keywords

Webapps, OWASP, vulnerabilities, XSS, CSRF, SQL injection, file upload, file inclusion, Java/EE.

Prerequisites

Basics of the Java language.

Bibliography

  • A Survey on Cross-Site Scripting Attacks, by Joaquin Garcia-Alfaro and Guillermo Navarro-Arribas, 2009
  • Survey on Cross Site Request Forgery (An Overview of CSRF), by Sentamilselvan K, 2013
  • Review of SQL Injection: Problems and Prevention, by Mohd Amin Bin Mohd Yunus, Muhammad Zainulariff Brohan, Nazri Mohd Nawi, Ely Salwana Mat Surin, Nurhakimah Azwani Md Najib and Chan Wei Liang, 2018
  • Enterprise Java Security: Building Secure J2EE Applications, by Marco Pistoia, Nataraj Nagaratnam, Larry Koved, Anthony Nadalin, 2004

Instructor biography

Yves Duchesne is a former student of ISTIC and received his diploma in Information Security in 2008. Since then, he has been a developer of security-oriented web applications and an IT security auditor for a local company, where he mainly performed penetration tests and source code audits. He founded ACCEIS in 2015, an IT security expertise company offering audit, consulting and training services. It is also approved by ANSSI to perform security evaluations (ITSEC).
