Dr. Drew Hwang, CIS, Cal Poly Pomona
Secure Web Development
Topics

Basic Concepts

  • The Discipline
  • Definitions
  • Web Applications
  • HTTP Protocols
  • Web Log
  • Misconceptions

Offense

  • Anatomy of Attacks
  • Ethical Hacking Tools
  • Introduction
  • OWASP Top 10 (2007)
  • OWASP Top 10 (2010)
  • OWASP Top 10 (2013)
  • WASC (V2.0)
  • MS Threat Model
  • One More Viewpoint
  • An SQL Injection Model

Defense

  • Defensive Mechanism
  • Input Validation
  • CAPTCHA
  • Cryptography
  • ASP.net Cryptography
  • Identification
  • Authentication
  • Authorization
  • Error Handling

SDLC

  • Microsoft SDL
  • Agile Development
  • Best Practice
  • SR Elicitation
  • Static Analysis
  • Dynamic Analysis

Code

  • HTTP Header Injection
  • Same Origin Policy
  • Cross-Site Scripting
  • Cross-Site Request Forgery
  • Database Security
  • SQL Injection

Parameter

  • State Management
  • Direct Object Reference
  • Directory Traversal
  • Session Hijacking
  • Session Fixation
  • Parameter Cryptography

Web 2.0

  • Web 2.0 Security
  • Web Services Security
  • AJAX Security
  • Social Media Security
© Dr. Drew Hwang, Computer Information Systems, Cal Poly Pomona. Copyright 2013. All Rights Reserved.