SEC 260 (Web and Application Security) - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Internet applications run on the application layer of the OSI model. To secure the information that is stored and shared across these applications, we need to learn how to secure certain protocols and systems. In this class we explore securing web applications using a practical, hands-on approach. The focus of the class will be on the Presentation and Session layers of the OSI model.

  • Learning how to secure web servers and communication between web applications
  • Creating base applications
  • Assessments, quizzes, class activities and participation are counted
  • Quizzes come before assessments; assessments are practical

SEC‐260: Infrastructure Notes

Week 1.1: Introduction and Review

Week 1.2: HTML and VI

Week 2.1 Web Resources and Paths

Week 2.2 HTTP Methods, Status, and Headers

Week 3.1 GET and POST

Week 3.2 Crypto + HTTPS

Week 4.1 CAs and PKI

Week 4.2 Quiz

Week 5.1 Hashes and Digital Certs

Week 5.2 Decrypting TLS

Week 6.1 MiTM

Week 6.2 Apache and Virtual Hosts

Week 7.1 Hardening

Midterm Preparation

Midterm Assessment

Week 8.2 Mod Security

Week 9.1 Mod Security Continued

Week 9.2 Mod Security Part 3

Week 10.1 PHP Shell

Week 10.2 OWASP Introduction

Week 11.1 Javascript Info and XSS

Week 11.2 Quiz 2

Week 12.1 XSS(continued)/XSRF and Path Traversal

Week 13.1 IIS

Week 13.2 IIS Hardening

Week 14.1 SQL

Week 14.2 PHP/MySQL Integration and SQL Injection