{"ModuleCode":"CS5331","ModuleTitle":"Web Security","Department":"Computer Science","ModuleDescription":"This module aims to prepare graduate students for understanding the security of the latest web platform and its interplay with operating systems and the cloud infrastructure. The topics covered include the design of web browsers and web applications, vulnerabilities in web applications and web browsers, design of web scanners, authentication in web-based platforms, security policies and enforcement mechanisms. This module also covers security topics on the interface between the web platform and the backend systems, such as the underlying database systems and cloud infrastructure.","ModuleCredit":"4","Workload":"2-0-0-4-4","Prerequisite":"CS3235 Computer Security","Types":["Module"],"Lecturers":["Prateek Saxena"],"IVLE":[{"Announcements":null,"Forums":[],"Workbins":[],"Webcasts":[],"Gradebooks":[],"Polls":[],"Multimedia":[],"LessonPlan":[],"ID":"bc07398b-ec56-42be-b9e9-ac8da4e8bcfe","CourseLevel":"1","CourseCode":"CS5331","CourseName":"WEB SECURITY","CourseDepartment":"","CourseSemester":"Semester 2","CourseAcadYear":"2014/2015","CourseOpenDate":"/Date(1420560000000+0800)/","CourseOpenDate_js":"2015-01-07T00:00:00","CourseCloseDate":"/Date(1431791940000+0800)/","CourseCloseDate_js":"2015-05-16T23:59:00","CourseMC":"0","isActive":"N","Permission":"S","Creator":{"UserID":null,"Name":"Prateek 
Saxena","Email":null,"Title":null,"UserGuid":"e4058da4-5373-4381-9daf-13c8d23fd4dd","AccountType":null},"hasGradebookItems":true,"hasTimetableItems":true,"hasGroupsItems":false,"hasClassGroupsForSignUp":false,"hasGuestRosterItems":true,"hasClassRosterItems":true,"hasWeblinkItems":true,"hasLecturerItems":true,"hasDescriptionItems":true,"hasReadingItems":false,"hasAnnouncementItems":false,"hasProjectGroupItems":false,"hasProjectGroupsForSignUp":false,"hasConsultationItems":false,"hasConsultationSlotsForSignUp":false,"hasLessonPlanItems":false,"Badge":0,"BadgeAnnouncement":0,"WebLinks":[{"ID":"bb10de5c-9eb5-443e-91c5-a5de80a4c5ae","URL":"http://www.comp.nus.edu.sg/~prateeks/teaching/sp15/cs5331-sp15.html","Description":"Online course web site","Order":1,"Rating":4,"SiteType":""}],"Lecturers":[{"ID":"13b4b404-7701-4b4f-96ce-bfc723c540d5","User":{"UserID":null,"Name":"Prateek Saxena","Email":null,"Title":null,"UserGuid":"e4058da4-5373-4381-9daf-13c8d23fd4dd","AccountType":null},"Role":"Lecturer ","Order":1,"ConsultHrs":null},{"ID":"b82763a7-94ab-4393-abb3-f2f664fe7e64","User":{"UserID":null,"Name":"LUU THE LOI","Email":null,"Title":null,"UserGuid":"a03f01ae-194c-429f-ae6a-8023ee5a6537","AccountType":null},"Role":"Teaching Assistant ","Order":2,"ConsultHrs":null},{"ID":"ee0d07a4-3776-4d8b-bb74-826fc3efd92e","User":{"UserID":null,"Name":"LI GUODONG","Email":null,"Title":null,"UserGuid":"4a96ebac-782c-4e44-97a7-5d23e8bbf6e1","AccountType":null},"Role":"Teaching Assistant ","Order":3,"ConsultHrs":null}],"Descriptions":[{"ID":"1e5f053b-8835-4692-be49-41f07234cfff","Title":"Learning Outcomes","Description":"This module aims to prepare graduate students for understanding the security of the latest web platform and its interplay with OSes and the cloud infrastructure. 
The topics covered include the design of web browsers and web applications, vulnerabilities in web applications and web browsers, design of web scanners, authentication in web-based platforms, security policies and enforcement mechanisms. This module also briefly touches on security topics on the interface between the web platform and the backend systems, such as the underlying database systems and cloud infrastructure.
\n
\nAfter having taken this course, you will be able to:
\n* Develop rich web applications with secure coding practices
\n* Perform a security audit of web applications for security holes
\n","Order":1},{"ID":"2e5f053b-8835-4692-be49-41f07234cfff","Title":"Prerequisites","Description":"CS3235 Computer Security","Order":2},{"ID":"6e5f053b-8835-4692-be49-41f07234cfff","Title":"Syllabus","Description":"
\n\t\t\t\tThe following topics are covered: \n\t\t\t\t- Introduction to web platform: Browser-server trust model, HTTP, cookies, session, etc. \n\t\t\t\t- Basics of web development: HTML, CSS, JS. \n\t\t\t\t- Network attackers vs. web attackers \n\t\t\t\t- Web application vulnerabilities: \n\t\t\t\t * XSS, SQLI, CSRF, Parameter Tampering, Parameter Pollution, authentication flaws, access control and logic flaws, etc. \n\t\t\t\t- Browser design & implementation vulnerabilities, Browser addon and plugin security \n\t\t\t\t- Advanced topics (e.g. web privacy, scanning tools) | \n\t\t
\n\t\t\t\tThere are no written exams. All assessment is continuous and via 3-4 week long assignments which can be done in groups of 4 members. \n\t\t\t\tThe class has a heavy workload on programming assignments. You are expected to pick up web development skills independently during the course. The instructor will provide 3 implementation-heavy, hands-on projects. The security of your developed code will be tested by your fellow course students and TAs. \n\t\t\t\tThis constitutes all the course grade. For details, please come to the first lecture. \n\t\t\t\t | \n\t\t