Giters

IsaacShrestha / CYBR8470

This repo contains a digitized version of the course content for CYBR8470 Secure Web App Development at the University of Nebraska at Omaha.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Table of contents

Online discussion area
Location
Supplies
Class topics
Syllabus
License

Viewing these materials

The class materials are best viewed at https://mlhale.github.io/CYBR8470/

Online Discussion Area

I have setup an online discussion board on slack.com for usage in this class. If you decide to work on a group project, I can create some private channels for you to work on, but I want to be able to participate in your conversations - so please use the space on slack.

Go to drhale8470.slack.com and use your unomaha email address to register an account. Alternatively, you can use this link.This will give you access to the class slack channel. The chat channel is for general discussions with me or your fellow classmates. The questions channel is for you to ask public questions that I will answer for the whole class. This is better than email if you think that the answer to your question might benefit everyone. You can also send me private messages. Generally I am faster at replying on slack than I am by email.

Location

All classroom activities will take place in PKI room 260 unless otherwise noted ahead of time.

Supplies

  • Laptop with the ability to run Docker and a text editor
  • Generally this means 6-8+ GB Ram, modern processor

Hardware/software

Texts

Lab Listing (links also in Class topics)

Class Topics

2016 Archived Lab content

secwebdev.mlhale.com

2016 Projects and Final Presentations:

Syllabus

Date/Time: Tuesday 5:30pm – 8:10pm Instructor: Dr. Hale Office: PKI 174-D, (402) 554-3978 Office Hours: Open door policy, or by appointment E-mail: mlhale@unomaha.edu

Course Abstract

Web applications are pervasive fixtures of 21st century culture. Web application security is an inclusive, amorphous, term that spans application level security, i.e. ensuring high level code cannot be exploited, server level security, i.e. ensuring server resources such as databases and file systems cannot be exploited, and network security, i.e. ensuring unauthorized parties cannot access a server or tamper with user sessions. The Secure Web Application Development course will mix traditional lecture with hands-on labs to expose students to common web development activities and cross-cut different web application security concepts. After the class, students will be proficient with web application security from the ground up, including the ability to securely deploy and configure a web server (e.g. apache or node.js), select and install a web development framework to best suit application and security requirements (e.g. Django, Ember, or both), and develop secure application architectures and code using at least one web framework. Students will also leave with a basic understanding of core web protocols including TCP/IP, SSL, and HTTP/HTTPs, web development tools (e.g. chrome dev toolkit), unit testing (e.g. QUnit), and best practices for accepting, parsing, and storing user input.

Grading Breakdown

  • (30%) Labs
    • Twitter REST API (Lab 1 - no rubric)
    • Containers (Lab 2 - no rubric)
    • Building a Server (Lab 3 - no rubric)
    • Penetration Testing (Lab 4 - no rubric)
    • Javascript (Lab 5 - no rubric)
    • Ember (Lab 6 - no rubric)
  • (15%) Project Milestone 1 - Product Ideation, Design, Mockup, and Prototype
  • (25%) Project Milestone 2 - Implementation and Documentation
  • (20%) Class Wide Community Service Project
  • (10%) Class Participation

Each project will have a specific grading rubric that includes the core requirements for the project (i.e. what the application must do), any required intermediate milestone goals (such as short progress meetings with the instructor), the project due date, and the list of items that must be submitted. Each project will include a presentation component to be presented in class on the project due date. Projects build upon each other. The final Project is considered to be comprehensive. This means that there is no final exam. Final Project presentations will be presented on the day of the Final (December 14th during normal class time).

Attendance

  • Class Attendance: You do not have to attend class except on presentation days (see below). Given the course is one day a week, attendance is highly recommended. Missing a single class is equivalent to missing 2-3 classes of a normal course. If you miss class, you are responsible for getting the material – including any assigned project work.
  • Presentation Attendance (Mandatory): If you miss class on a presentation day (Dates TBA) you will receive a 0 on the presentation portion of the project grade unless you have a university-approved excuse or an approved extension (see below).
  • Part of your grade is based on class participation - which includes being present and actively engaged in class.

Group Work

Students may choose (or be compelled) to work in groups. Group projects will include an individual participation grade worth 40% of the total group points, e.g. a group may make a 100% on a particular project, but an individual with low participation in the group may make a 60%. Participation will be anonymously rated by other group team members and the instructor.

Team formation

The instructor reserves the right to make a change to any team or any project during the course of the semester for any reason that may or may not be disclosed. Project rescoping will be performed in this event.

Service Learning / Real World Customers

As part of UNO’s strategic initiatives, individuals or groups may be partnered with community organizations in Omaha for service learning through the center for community engagement. If community partners can be identified, student projects (group or individual) in the class will develop secure web applications for meeting community needs. In the event of community projects, appropriate scoping will be considered to ensure that community needs can be met within the time constraints of the coursework.

Project Extensions and Late work

Sometimes unforeseen events occur or development takes longer than expected. In such cases, project extensions will be allowed. To receive a project extension, individuals or groups must request an extension at least 24hours in advance of the project due date. Extension time frames are at the discretion of the instructor, but generally will not be longer than 1 week. Failure to request an extension 24 hours prior to the due date means that the work is due at the specified time. Late work without a requested extension will receive a 5% point reduction per day up to a total of 40%. Late work submitted 2 weeks after an original (or extended) due date will not be accepted.

Special accommodations for students with disabilities

Students with disabilities requiring special accommodations must contact disability services. Disability services may be reached by phone at (402) 554-2872 or by email at unodisability@unomaha.edu.

Special accommodations for active duty or reserve military

Students serving in the military requiring special accommodations (e.g. unit deployment) must contact the office of Military and Veteran Services by phone at (402) 554-2349 or by email at unovets@unomaha.edu.

Plagiarism

The university policies on cheating and plagiarism apply in this course. Except on designated group work, the expectation is that every student will do their own work. Students under suspicion of plagiarism for individual assignment submitted materials will be given an opportunity to defend themselves. If after defense the instructor still believes the work to be plagiarized the department chair will be notified and the grade evaluation for the assignment will be lowered to a value between 50% and 0% at the discretion of the instructor. If a second occurrence of plagiarism occurs, the student will receive an F for the course and the registrar’s office will be notified that the student is not permitted to withdraw from the course. In addition the department chair and dean will be notified.

Work Retainment

The CS and IS programs in the College of IS&T are accredited through ABET (the Accreditation Board for Engineering and Technology. This organization occasionally requires that we keep samples of student work.

The instructor may retain a copy of your exams (with names and any other identifying information removed) for accreditation or pedagogy purposes, unless you specify otherwise in writing.

In addition, the instructor retains the right to use any code or project artifacts developed in the course for pedagogy, research, or service learning purposes. Student web project code developed in the course may be used in future secure project development courses, by the instructor for research purposes, or by designated stakeholders.

License

Secure Web App Development Copyright (C) 2016 Dr. Matthew L. Hale

Lesson content

Copyright (C) Dr. Matthew Hale 2017.

Creative Commons License
This lesson is licensed by the author under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Software affiliated with the course

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

What does GPLv3 mean?

tl;drLegal summary

About

This repo contains a digitized version of the course content for CYBR8470 Secure Web App Development at the University of Nebraska at Omaha.

Languages

Language:HTML 81.4%Language:JavaScript 11.6%Language:CSS 7.0%