Application Security

Presentations and examples

  1. Program of the course
  2. Introduction
  3. Cryptography in .NET, examples
  4. OWASP Top 10, examples
  5. Certificates
  6. Access Control
  7. Web Services Security, examples
  8. JWT, OAuth2, examples
  9. OpenID Connect
  10. WS-Trust, WS-Federation
  11. Database security
  12. Penetration tests

Exercises

  1. Exercises set 1, Cryptography
    Due date: 12.3.2014
  2. Exercises set 2, SQL Injection, XSS
    .NET, Java "Kangaroos", Java "Tigers", Python
    Due date: 19.3.2014
  3. Exercises set 3, Injections, CSRF and other attacks
    Due date: 26.3.2014
  4. Exercises set 4, Certificates
    .NET, Java "Kangaroos", Java "Tigers", Python
    Due date: 10.4.2014
  5. Exercises set 5, Access Control
    .NET, Java "Kangaroos", Java "Tigers", Python
    Due date: 17.4.2014
  6. Exercises set 6, Tokens and web services
    .NET, Java "Kangaroos", Java "Tigers", Python
    Due date: 7.5.2014
  7. Exercises set 7, OAuth2 and OpenID Connect
    .NET, Java "Kangaroos", Java "Tigers", Python
    Due date: 21.5.2014
  8. Exercises set 8, Database security
    .NET, Java "Kangaroos", Java "Tigers", Python
    Due date: 4.6.2014
  9. Exercises set 9, Penetration tests
    .NET, Java "Kangaroos", Java "Tigers", Python
    Due date: 11.6.2014

Roadmap

  1. 26.2 Introduction, Cryptography in .NET
  2. 5.3 OWASP Top 10, part 1
  3. 12.3 OWASP Top 10, part 2
  4. 19.3 Certificates
  5. 26.3 Access Control
  6. 16.4 Web Services Security
  7. 23.4 JWT, OAuth2
  8. 7.5 OpenID Connect
  9. 14.5 WS-Trust, WS-Federation
  10. 21.5 Security in a database
  11. 4.6 Penetration tests