Web Application Security detailed syllabus for Cyber Security (Cyber Security) for 2021 regulation curriculum has been taken from the Anna Universities official website and presented for the Cyber Security students. For course code, course name, number of credits for a course and other scheme related information, do visit full semester subjects post given below.
For Cyber Security 6th Sem scheme and its subjects, do visit Cyber Security 6th Sem 2021 regulation scheme. For Professional Elective-III scheme and its subjects refer to Cyber Security Professional Elective-III syllabus scheme. The detailed syllabus of web application security is as follows.
Course Objectives:
Download the iStudy App for all syllabus and other updates.
Unit I
FUNDAMENTALS OF WEB APPLICATION SECURITY
The history of Software Security-Recognizing Web Application Security Threats, Web Application Security, Authentication and Authorization, Secure Socket layer, Transport layer Security, Session Management-Input Validation
Unit II
SECURE DEVELOPMENT AND DEPLOYMENT
Web Applications Security – Security Testing, Security Incident Response Planning,The Microsoft Security Development Lifecycle (SDL), OWASP Comprehensive Lightweight Application Security Process (CLASP), The Software Assurance Maturity Model (SAMM)
Unit III
Download the iStudy App for all syllabus and other updates.
Unit IV
^MMVULNERABILITY ASSESSMENT AND PENETRATION TESTING
Vulnerability Assessment Lifecycle, Vulnerability Assessment Tools: Cloud-based vulnerability scanners, Host-based vulnerability scanners, Network-based vulnerability scanners, Databasebased vulnerability scanners, Types of Penetration Tests: External Testing, Web Application Testing, Internal Penetration Testing, SSID or Wireless Testing, Mobile Application Testing.
Unit V
HACKING TECHNIQUES AND TOOLS
Social Engineering, Injection, Cross-Site Scripting(XSS), Broken Authentication and Session Management, Cross-Site Request Forgery, Security Misconfiguration, Insecure Cryptographic Storage, Failure to Restrict URL Access, Tools: Comodo, OpenVAS, Nexpose, Nikto, Burp Suite, etc.
Practical Exercises
- Install wireshark and explore the various protocols
- Analyze the difference between HTTP vs HTTPS
- Analyze the various security mechanisms embedded with different protocols.
- Identify the vulnerabilities using OWASP ZAP tool
- Create simple REST API using python for following operation
- GET
- PUSH
- POST
- DELETE
- Install Burp Suite to do following vulnerabilities:
- SQL injection
- cross-site scripting (XSS)
- Attack the website using Social Engineering method
Course Outcomes:
Download the iStudy App for all syllabus and other updates.
Text Books:
- Andrew Hoffman, Web Application Security: Exploitation and Countermeasures for Modern Web Applications, First Edition, 2020, O’Reilly Media, Inc.
- Bryan Sullivan, Vincent Liu, Web Application Security: A Beginners Guide, 2012, The McGraw-Hill Companies.
- Neil Madden, API Security in Action, 2020, Manning Publications Co., NY, USA.
Reference Books:
- Michael Cross, Developer’s Guide to Web Application Security, 2007, Syngress Publishing, Inc.
- Ravi Das and Greg Johnson, Testing and Securing Web Applications, 2021, Taylor & Francis Group, LLC.
- Prabath Siriwardena, Advanced API Security, 2020, Apress Media LLC, USA.
- Malcom McDonald, Web Security for Developers, 2020, No Starch Press, Inc.
- Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, and Terron Williams Grey Hat Hacking: The Ethical Hacker’s Handbook, Third Edition, 2011, The McGraw-Hill Companies.
For detailed syllabus of all the other subjects of Cyber Security 6th Sem, visit Cyber Security 6th Sem subject syllabuses for 2021 regulation.
For all Cyber Security results, visit Anna University Cyber Security all semester results direct link.