XACS133 - Exploiting and Protecting Web Applications
Online
Overview
Web applications are vulnerable to many types of attacks to which traditional client-server applications are not as susceptible. These vulnerabilities, over the past several years, have resulted in attacks that have exposed companies to monetary losses and reputational damage.
This course covers these vulnerabilities, how attacks are constructed based on them, and techniques that can be used to mitigate such vulnerabilities.
Example web vulnerabilities covered in this course include client-state manipulation, cookie-based attacks, SQL injection, cross domain attacks (XSS, XSRF, XSSI), DNS rebinding, timing attacks, user tracking, and HTTP header injection. In addition, this course covers security issues that can arise in Web 2.0 and HTML5 applications that take advantage of heavy use of JavaScript, AJAX, mash-ups, and HTML5 extensions.
Instructors
- Dan Boneh, Professor, Computer Science and Electrical Engineering
- Neil Daswani, Chief Information Security Officer, LifeLock
- John Mitchell, Professor, Computer Science
Topics Include
- Overview of Web Technologies (HTTP, cookies, JavaScript, caching, session management)
- Browser Security Model (document object model, same-origin policy and violations of it), and SSL
- Coverage of HTML5 vulnerabilities due to frame communication, local storage, cross-origin resource sharing, and other HTML5 features
- SQL Injection (and other forms of command injection including LDAP and XPath Injection)
- Cross-site scripting (XSS), cross-site request forgery (XSRF), and cross-site script inclusion (XSSI), Clickjacking
- Prevention techniques including input validation, output escaping, signatures, message authentication codes, and frame busting
Recommended
We recommend you have the equivalent of a BS in Computer Science and a background in security.
We highly recommend that you take the course Software Security Foundations (XACS101) as the first course within the Stanford ACS certificate program. It provides the fundamentals necessary for the subsequent courses in the program.
Other
Tuition
- $495 per online course
- $75 one-time document fee
On Demand Webinars
View our free on-demand webinars to get a preview of the courses we have to offer.
Questions
Please contact
650.741.1547
scpd-acs-mail@stanford.edu
Certificates and Degrees
Application
Applications may be submitted online at any time. Sample Application