Exploiting and Protecting Web Applications

XACS133

Stanford School of Engineering


Description

Web applications are vulnerable to many types of attacks to which traditional client-server applications are not as susceptible. These vulnerabilities, over the past several years, have resulted in attacks that have exposed companies to monetary losses and reputational damage.

This course covers these vulnerabilities, how attacks are constructed based on them, and techniques that can be used to mitigate such vulnerabilities.

Example web vulnerabilities covered in this course include client-state manipulation, cookie-based attacks, SQL injection, cross-domain attacks (XSS, XSRF, XSSI), DNS rebinding, timing attacks, user tracking, and HTTP header injection. In addition, this course covers security issues that can arise in Web 2.0 and HTML5 applications that make heavy use of JavaScript, AJAX, mash-ups, and HTML5 extensions.

What you will learn

  • Overview of Web Technologies (HTTP, cookies, JavaScript, caching, session management)
  • Browser Security Model (document object model, same-origin policy and violations of it), and SSL
  • Coverage of HTML5 vulnerabilities due to frame communication, localStorage, cross-origin resource sharing, and other HTML5 features
  • SQL Injection (and other forms of command injection including LDAP and XPath Injection)
  • Cross-site scripting (XSS), cross-site request forgery (XSRF), and cross-site script inclusion (XSSI), Clickjacking
  • Prevention techniques including input validation, output escaping, signatures, message authentication codes, and frame busting

Exclusive Interviews

  • Mukul Khullar, Staff Information Security Engineer, LinkedIn
  • Parisa Tabriz, Engineering Director, Google

This course is approximately 4 hours of video content with 1.5 hours of coursework.

Tuition

The All-Access Plan—a full year to view and complete course materials, video lectures, assignments and exams, at your own pace. Revisit course materials or jump ahead – all content remains at your fingertips year-round. You also get 365 days of email access to your Stanford teaching assistant.

$2,970 for one-year access to all 8 online courses
+   $75 (one-time document fee)
$3,045

Individual Courses—60 days to view and complete course materials, video lectures, assignments and exams, at your own pace. You also get 60 days of email access to your Stanford teaching assistant.

  • $495 per online course
  • $75 one-time document fee

Continuing Education Units

By completing this course, you’ll earn 1 Continuing Education Unit (CEU). CEUs cannot be applied toward any Stanford degree. CEU transferability is subject to the receiving institution’s policies.

Record of Completion

When you complete each course, you’ll receive an email with a link to download your Record of Completion. This email will be sent to the address you provide in your mystanfordconnection within 3 business days of course completion.

On Demand Webinars

View our free on-demand webinars to get a preview of the courses we have to offer.

Questions

Please contact
650.741.1547
scpd-acs-mail@stanford.edu

047 All-Access Plan

Delivery Option:
Online
Fees:
All Access Online Course $495.00
Notes:

Course Access  
366 day access to the online course starts upon payment.

Course Materials
Course materials are available for download from the online videos page to allow for printing and review.

Final Exam:
Online participants are asked to complete a final exam at the end of each course to maintain the integrity of the program. A digital record of completion will be emailed to participants when they pass the exam.

Course Evaluation:
It is required that participants complete the course evaluation once they have passed the final exam.

This course may not currently be available to learners in some states and territories.

048 Online

Instructors:
Delivery Option:
Online
Fees:
Online Course $495.00
Notes:

Course Access
60 day access to the online course starts upon payment. 

Course Materials
Course materials are available for download from the online videos page. All materials are available for printing and review upon enrollment.

Final Exam
Online participants are asked to complete a final exam at the end of each course to maintain the integrity of the program. A score of 85% must be achieved to successfully pass the exam. A digital record of completion will be emailed to participants when they pass the exam.

Course Evaluation
It is required that participants complete the course evaluation once they have passed the final exam.

This course may not currently be available to learners in some states and territories.