_____   ____________     __ __ _________
   /  _/ | / / ____/ __ \   / // /<  / ____/
   / //  |/ / /_  / / / /  / // /_/ /___ \  
 _/ // /|  / __/ / /_/ /  /__  __/ /___/ /  
/___/_/ |_/_/    \____/     /_/ /_/_____/  
    --- Web Application Security ---       

This course will cover the ins and outs of web application security from the perspectives of the developer, administrator, and attacker. We will cover attacks from the all too common Cross-Site Scripting (XSS) attack through Cross-Site Request Forgery (CSRF), SQL Injection (SQLi), all the way to more advanced topics.

The goals of this course centers around familiarizing students with how to recognize a possible vulnerability, write a proof-of-concept, and provide helpful remediation so that a developer can properly mitigate the issue. The emphasis will be on hands-on learning and the students will be expected to think creatively as they face common defenses and work with unfamiliar frameworks and languages.

Grade breakdown:

• hw: 80%
• final: 20%

Late penalty:

• 10% daily, incremented in 10% steps (24hrs from time due)
• stops at 50% deduction

• Bitsync key: BAPDG2PLBHLTP72NDQLVE3MHVKCF5WUSQ
• Suggested reading: Web Application Hacker's Handbook

• introduction
• class overview
• threat modeling

• tools setup
• capturing traffic

• how the internet works
• client to server communications
• browser basics

• required
  • browsing by hand
• recommended
  • read WAHH chapter 12
  • read WAHH chapter 3

• cross-site scripting (XSS)
  • how it works
  • why it's so common
  • why it's bad
  • how to find it
  • how to mitigate
• reflective XSS
• stored XSS
• XSS demos
• practice: http://xss-quiz.int21h.jp/

• character encoding
• unicode security
• punycode domains

• filter bypass techniques
  • no spaces
  • no script tag
  • XSS via images
  • encoding galore
  • other weirdness
• do stuff
  • filter bypassing

• required
  • XSS challenges
  • pentest report
  • due next thursday

• regular expressions
• SuperSecureBank

• puzzle
• time to work on HW

• advanced payloads
  • exfiltrating cookies
  • inducing user action
  • fake login forms

• recommended
  • reading on CSRF and Clickjacking
    • WAHH Chapter 13 section on "Inducing User Action" (501-515)
    • http://www.troyhunt.com/2013/05/clickjack-attack-hidden-threat-right-in.html

• CSRF
  • how it works
  • why it's bad
  • how to find it
  • how to mitigate
• CSRF demo

• puzzle solution
• how Tor works

• Clickjacking
  • how it works
  • why it's bad
  • how to mitigate
  • special tactics
• Clickjacking demo

• required
  • CSRF challenges
  • clickjacking challenges
  • pentest report
  • due next thursday
• recommended
  • read WAHH chapter 9

• SQL injection
  • how it works
  • why it's bad
  • how to find it
  • how to mitigate
  • how to pull data
  • special tactics
• SQLi demos
• SQL practice

• social engineering

• SQL injection practice
  • OWASP Broken Web Application

• required
  • SQL injection challenges
  • pentest report
  • due next tuesday

• canceled

• keyloggers

• Advanced SQL injection techniques

• required
  • none
• recommended
  • read WAHH chapter 6
  • read WAHH chapter 7

• common authentication issues
  • session fixation
  • session invalidation issues
  • timing attacks
  • user enumeration
  • insufficient entropy

• canceled

• authentication 2.0

• none

• cryptography
  • public/private key
  • forward secrecy
  • hashes
  • stream vs block cipher
  • algorithm modes: ECB, CBC, others

• bitcoin

• single signon
• business logic attacks

• none

• testing techniques
• review HW answers

• canceled

• canceled

• required
  • golden bank pentest
  • pentest report
  • due next thursday

• homework
  • SuperSecureBank pentest
  • pentest report
  • due thursday

• lockpicking
  • slides
  • https://www.youtube.com/watch?v=ChbyaXBKNY8

• final