Introduction to Web Application Security by 'DROP TABLE groups;

---

Welcome

Welcome to our INFO2009 resource for the 2011-12 coursework. We hope to provide you, through this website, with the tools and knowledge required to create a secure web service or application, and to understand the types of vulnerabilities that may be exploited to compromise your site. We have also created some interactive examples for you to try out some common exploits yourself, and to illustrate the importance of a secure password.

Topic Areas

Why Security Matters

• A Growing Issue
• Recent Attacks

Password Security

• Administrator Passwords
• Storing Passwords
• Brute-Force Password Attacks
• Interactive Example
• Secondary/Alternative Authentication Methods

Cross-Site Scripting

• What is Cross-Site Scripting (XSS)?
• How to protect your site
• Interactive Example

SQL Injection

• What is SQL Injection?
• Examples
• Interactive Example

Other Security Considerations

• HTTPS and Form Encryption
• CAPTCHAs
• Testing with Metasploit

Security Checklist

• PHP
• Apache
• Python & Django
• General

Conclusion and References