An open API service indexing awesome lists of open source software.

https://github.com/tech-at-du/acs-3230-web-security

πŸ” This course covers key concepts in internet data security and best practices for keeping information safe. Students will examine historical hacks, learn how to analyze websites and web architectures for classical security vulnerabilities, and learn how to defend against security attacks.
https://github.com/tech-at-du/acs-3230-web-security

security

Last synced: about 16 hours ago
JSON representation

πŸ” This course covers key concepts in internet data security and best practices for keeping information safe. Students will examine historical hacks, learn how to analyze websites and web architectures for classical security vulnerabilities, and learn how to defend against security attacks.

Awesome Lists containing this project

README

          


ACS 3230 @ Dominican University

# ACS 3230: Intro to Web Security

## Course Description

_This course covers key concepts in internet data security and best practices for keeping information safe. Students will examine historical hacks, learn how to analyze websites and web architectures for classical security vulnerabilities, and learn how to defend against security attacks._

## Prerequisites

- [ACS 1120](https://bit.ly/acs1120)

## Course Specifics

**Course Delivery**: online | 7 weeks | 14 sessions

**Course Credits**: 3 units | 37.5 Seat Hours | 75 Total Hours

## Learning Outcomes

By the end of the course, you will be able to…

1. Confidently talk about different types of vulnerabilities within the security space.
2. Defend against vulnerabilities and attacks.
3. Apply web security best practices to your projects.
4. Understand and utilize adversarial security techniques.
5. Use practical techniques for securing applications and web servers.

## Schedule

| Class | Security Category | Topic |
| :---: | :------------------: | -------------------------------------------------------- |
| 1 | _Social Engineering_ | **[Lesson 1]: How to Hack a Human** |
| 2 | _History_ | **[Lesson 2]: Historic Hacks** |
| 3 | _Web_ | **[Lesson 3]: Server-Side Vulnerabilities** |
| 4 | _Web_ | **[Lesson 4]: Securing Data: Sanitization & Validation** |
| 5 | _Web_ | **[Lesson 5]: Client-Side Vulnerabilities** | |
| 6 | _Operational_ | **[Lesson 6]: You've Been Hacked. What Do?** |
| 7 | _Web_ | **[Lesson 7]: OWASP Top 10** |
| 8 | _Web_ | **[Lesson 8]: Cryptography** |
| 9 | _Network_ | **[Lesson 9]: Encryption** |
| 10 | _Operational_ | **[Lesson 10]: DDoS** |
| 11 | - | **Lab Day**: Prepare Study Guide / Mock Interviews |
| 12 | - | **TBD** |
| 13 | _1-1 w/ Dani_ | **Interview Day** |

## Class Assignments

We will be using [Gradescope] this term, which allows us to provide fast and accurate feedback on your work. All assigned work will be submitted through [Gradescope], and assignment and exam grades will be returned through [Gradescope]. As soon as grades are posted, you will be notified immediately so that you can log in and see your feedback. You may also submit regrade requests if you feel we have made a mistake.

Your [Gradescope] login is your Dominican University email, and your password can be changed at [https://gradescope.com/reset_password](https://gradescope.com/reset_password). The same link can be used if you need to set your password for the first time.

### Challenges

Level up your web security and hacking skills by participating in up to 100 [Capture the Flag Challenges](https://ctfd.droxey.com/challenges). To get started, read the [ACS 3230 CTF Setup Guide](Lessons/OWASP.md#Setup). Students must complete `AT LEAST 33` challenges to [pass the course](#Evaluation).

### Assignments

Every assignment is introduced in class. The description of each assignment is below:

| Name |
| ----------------------------- |
| [Social Engineering for Good] |
| [Historic Hacks Presentation] |
| [Jinja SSTI Exploits] |
| [Steganography] |

## Evaluation

To pass this course you must meet the following requirements:

- Complete AT LEAST 21 [Juice Shop Challenges](https://ctfd.droxey.com/challenges).
- The challenges to complete are described [here](Lessons/OWASP.md#Rules-of-Engagement).
- Any participation outside the described [Rules of Engagement](Lessons/OWASP.md#Rules-of-Engagement) will result in a failing grade for the course.
- Complete and pass all in class [assignments](#assignments) on [Gradescope].
- Attend and pass a final Course Reflection interview with the instructor.
- Actively participate in class and abide by the attendance policy.
- Make up all classwork from all absences.

[Gradescope]: https://gradescope.com
[Lesson 1]: Lessons/SocialEngineering.md
[Lesson 2]: Lessons/HistoricalHacks.md
[Lesson 3]: Lessons/ServerSideExploits.md
[Lesson 4]: Lessons/Sanitization.md
[Lesson 5]: Lessons/ClientSideExploits.md
[Lesson 6]: Lessons/IncidentResponse.md
[Lesson 8]: Lessons/Cryptography.md
[Lesson 9]: Lessons/Encryption.md
[Lesson 7]: Lessons/OWASP.md
[Lesson 10]: Lessons/DDoS.md
[Lesson 11]: Lessons/Drills.md
[NSE 1: The Threat Landscape]: https://training.fortinet.com/course/view.php?id=1406
[NSE 2: The Evolution of Cybersecurity]: https://training.fortinet.com/course/view.php?id=2271
[Historic Hacks Presentation]: Lessons/EthicalHacking.md#%f0%9f%92%bb-40m-activity-historical-hacks-research
[Social Engineering for Good]: Lessons/SocialEngineering.md#activity-social-engineering-for-good
[Jinja SSTI Exploits]: Lessons/ServerSideExploits.md#%f0%9f%92%bb-60m-in-class-activity-ssti
[Steganography]: Lessons/Cryptography.md#35m-%f0%9f%92%bb-activity-decoding-a-secret-message
[Juice Box]: Lessons/OWASP.md#60m-%f0%9f%92%bb-activity-juice-shop