Course Summary
(3 credits) A web-centric look at the latest techniques and practices in computer security as they apply to the Internet.
Prerequisite: CSE 543 or IST 815
Overview
This course focuses on:
- a practical guide to discovering and exploiting security flaws in web applications
- a comprehensive discussion of defending and preventing mechanisms to protect web-centric information assets
- an introductory use of commercial-free security testing toolkits.
This course uses a step-by-step approach enhanced by active and collaborative learning. Online discussions and hands-on project assignments help students learn the subject incrementally and effectively. In each lesson:
- Modules provide instructional content along with related activities and assignments.
- Students participate in online discussions focused on the topics covered in that lesson.
- A minimum of 2 original posts (one for each discussion question) is required.
- A hands-on project is required.
Course Objectives
Learning objectives for this course include:
- Learn how to discover and exploit security flaws in web applications.
- Understand state-of-the-art defending and preventing mechanisms to protect web-centric applications.
- Master a list of commercial-free penetration testing packages.
Course Materials
Recommended Textbook
- The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws (2nd Edition) by Dafydd Stuttard and Marcus Pinto, Wiley Publishing, 2011
- ISBN: 978-1-118-02647-2
- Free E-Book Option: An online version of your text is available at no cost as a Penn State Library E-Book. You can access the E-Book through the Library Resources link on the course navigation. You may choose to use the E-Book as an alternative to purchasing a physical copy of the text. For questions or issues, contact the University Libraries Reserve Help (UL-RESERVESHELP@LISTS.PSU.EDU).
Proctored Exams
There are no proctored exams for this course.
Grading and Examinations
A grade is given on the basis of the instructor’s judgment as to the student’s scholarly attainment (see the Penn State Graduate Degree Programs Bulletin, p. 41). The following grading system applies to graduate students:
- “A” (Excellent) indicates exceptional achievement.
- “B” (Good) indicates substantial achievement.
- “C” (Satisfactory) indicates acceptable but substandard achievement.
- “D” (Poor) indicates inadequate achievement and is a failing grade for a graduate student.
Grades will be based on the following scale:
A = 95-100, A- = 90-94, B+ = 87-89, B = 84-86, B- = 80-83, C+ = 77-79, C = 70-76, D = 60-69, F = Below 60
Throughout the course you will complete 14 Discussions and 7 Hands-on Projects, as noted below:
Discussion Forums
Students will be evaluated based on their timely and meaningful responses to forum questions. There are 14 graded discussion forums in this course. At a minimum, each student is expected to post the required number of original posts for forum questions. Quality of interaction will be valued when you answer/respond to the graded online discussion assignments. In addition to the graded Discussion Forums, students are encouraged to share questions, experiences, and helpful informational resources with the rest of the class via the non-graded Discussion Forum (General Discussion Forum).
Hands-on Projects
Students will complete seven (7) hands-on project assignments. The first two (2) projects are completed individually. The remaining five (5) project assignments will be completed as group assignments.
When completing group work, your team may choose any method of collaboration or communication that is most effective. Zoom is available to all students for multi-person video meetings. If you need any assistance using Zoom, refer to Zoom.psu.edu or contact the World Campus Helpdesk for support.
Assignments are due on the date assigned. If you have a legitimate reason for not completing the assignment or project on time, please email well in advance of the due date for the assignment or project.
Course Topics
- Web Application Security Basics
- Websites and Browser Extensions
- Web Application Security Testing Toolkits and Methodologies
- Penetration Testing Tools
- Gathering Information on the Target and Bypassing Client-side Controls
- Attacking User Controls
- Attacking by Injections
- Attacking Other Users
- Attacking the Server and Server-Side Applications
University Policies
Please view the University Policies and Resources which includes important information regarding academic integrity, student disability resources, educational equity, counseling services, and technical requirements.
Prospective Students
For more information on this program, check out the Master of Science in Information Science website!