Course

Application and Software Security and Forensics - ZEIT8025

Faculty: UNSW Canberra at ADFA

School: School of Engineering & Information Technology @ UNSW Canberra at ADFA

Course Outline: ZEIT8025 Course Outline

Campus: UNSW Canberra at ADFA

Career: Postgraduate

Units of Credit: 6

EFTSL: 0.12500

Indicative Contact Hours per Week: 6

Tuition Fee: See Tuition Fee Schedule

Further Information: See Class Timetable

Description

This course examines the common vulnerabilities which can occur in the design and implementation of web-based applications and services. The workshop tool kit is based upon OWASP (Open Web Application Security Project) materials and incorporates the use of WebGoat, WebScarab and various web services.

The key topics include:

· AJAX (Asynchronous JavaScript and XML) Security / DOM Injection

· Authentication flaws

· Cross-Site Scripting (XSS)

· Cross-Site Request Forgery (CSRF)

· Injection flaws and Web Service JavaScript Injection

· Parameter tampering, log spoofing, silent attacks and others

There is a range of application-level vulnerabilities which can be exploited, and this course uses a variety of tools and techniques for penetration testing at the application level. The key topics include:

· Privilege escalation

· Buffer Overflow – operation and remote exploitation

· Use of Backtrack tools – metasploit, metasploitable, meterpreter

· Studies of vulnerability exploitation in services such as distcc (distributed compilation of C code) and postgres (object-relational database management system)

· Fuzzers