Week | Topic | Assignments | Due (Mon) |
---|---|---|---|
1 | Course overview, Web Basics Web Programming |
1.1 1.2 |
|
2 | Authentication, Session Management Broken Authentication |
1.3, 1.4 (HW #1) | |
3 | Broken Access Control Unvalidated Redirects/Forwards, File upload, File includes SSRF, XML External Entities (XXE) |
2.1 2.2, 2.3 |
Lab notebook #1, HW #1 |
4 | HTTPS, Sensitive Data Exposure Command, Code injection, SQL injection Blind SQL injection |
3.1 3.2 (HW #2) |
Lab notebook #2 |
5 |
Cross-site Scripting (XSS) Content Security Policy (CSP), Cross-Origin Resource Sharing (CORS) |
4.1 4.2 |
Lab notebook #3, HW #2 |
6 |
Cross-site Request Forgery (CSRF), Clickjacking, Web Cache Poisoning Insecure Deserialization, Web Sockets |
5.1, 5.2 5.3, 5.4, 5.5 |
Lab notebook #4 |
7 |
Request Smuggling, Misconfiguration, Insufficient Logging, APIs Tools (wfuzz, nmap, metasploit, sqlmap, w3af) |
6.1, 6.2, 6.3, 6.4, 6.5 |
Lab notebook #5 |
8 |
Cloud overview, Cloud security (GCP) Cloud vulnerabilities |
7.1, 7.2, 7.3 |
Lab notebook #6 |
9 (remote attendance allowed) |
Cloud security (AWS), AWS CloudGoat iam_privesc_by_rollback, cloud_breach_s3 (in class only) Infrastructure/Security as Code, Terraform, AWS CloudGoat ec2_ssrf, rce_web_app (in class only), AWS Serverless Goat |
8.1, 8.2, 8.3, 8.4 |
|
10 (remote attendance allowed) |
Cyber Kill Chain, Mitre Attack Framework, AWS CloudGoat rce_web_app Mitre Attack Navigator, Defenses, AWS CloudGoat levels |
Lab notebook #7 | |
Finals | Lab notebook #8 Late work deadline (Thursday 3/23 @11:59pm) |
Attendance | 5% |
Programs | 25% |
Lab Notebooks | 70% |