Web Application Security for BE Anna University R21CBCS (V, VI (Vertical II - CSE/IT/CSE(AI&ML)/AI&DS/CSE(Cyber Security) - CCS374))

Syllabus Web Application Security - (CCS374) UNIT I FUNDAMENTALS OF WEB APPLICATION SECURITY The history of Software Security-Recognizing Web Application Security Threats, Web Application Security, Authentication and Authorization, Secure Socket layer, Transport layer Security, Session Management-Input Validation. (Chapter - 1) UNIT II SECURE DEVELOPMENT AND DEPLOYMENT Web Applications Security - Security Testing, Security Incident Response Planning, The Microsoft Security Development Lifecycle (SDL), OWASP Comprehensive Lightweight Application Security Process (CLASP), The Software Assurance Maturity Model (SAMM). (Chapter - 2) UNIT III SECURE API DEVELOPMENT API Security - Session Cookies, Token Based Authentication, Securing Natter APIs : Addressing threats with Security Controls, Rate Limiting for Availability, Encryption, Audit logging, Securing service-to-service APIs : API Keys , OAuth2, Securing Microservice APIs : Service Mesh, Locking Down Network Connections, Securing Incoming Requests. (Chapter - 3) UNIT IV VULNERABILITY ASSESSMENT AND PENETRATION TESTING Vulnerability Assessment Lifecycle, Vulnerability Assessment Tools : Cloud-based vulnerability scanners, Host-based vulnerability scanners, Network-based vulnerability scanners, Database based vulnerability scanners, Types of Penetration Tests : External Testing, Web Application Testing, Internal Penetration Testing, SSID or Wireless Testing, Mobile Application Testing. (Chapter - 4) UNIT V HACKING TECHNIQUES AND TOOLS Social Engineering, Injection, Cross-Site Scripting(XSS), Broken Authentication and Session Management, Cross-Site Request Forgery, Security Misconfiguration, Insecure Cryptographic Storage, Failure to Restrict URL Access, Tools : Comodo, OpenVAS, Nexpose, Nikto, Burp Suite, etc. (Chapter - 5)

Read More