May 20, 2024
2023-2024 Course Catalog [ARCHIVED CATALOG]


CFI 2088 - Web Application Hacking

Credits: 3
Hours/Week: Lecture 2 Lab 2
Internship hours/week: 0
Course Description: This course builds on the topics covered in Introduction to Ethical Hacking, but focuses on web applications. The major phases of penetration testing (reconnaissance, vulnerability analysis and exploitation) remain the same; however, the tools and techniques for web applications vary greatly. The course covers how to identify and exploit common web application flaws, such as cross-site scripting, SQL injection, authentication flaws and more, through hands-on labs. Course activities include a comprehensive hands-on exercise: conducting a penetration test against a unique lab web application.
MnTC Goals
None

Prerequisite(s): CFI 1085 and CFI 2086 with grades of C or higher OR instructor consent.
Corequisite(s): None
Recommendation: None

Major Content
1. Web Application Security
  1. Current State of Web Application Security
  2. Web Application Technologies
2. Web Application Enumeration/Reconnaissance
  1. Application Usage
  2. Spidering
  3. Nikto
  4. Error Messages
3. Client-Side Controls
  1. Bypassing JavaScript
  2. Parameter Tampering
4. Authentication and Session Management Flaws
  1. Failing Open
  2. Cookies
  3. Session Hijacking
  4. Authentication Design Flaws
5. Cross-Site Scripting
  1. Identifying and Exploiting XSS
  2. Automated Exploitation
  3. Bypassing XSS Filters
  4. Escaping/Encoding User Input
6. SQL Injection
  1. DBMS Technologies
  2. Identifying SQL Injection
  3. Enumerating Information with SQL Injection
  4. Gaining a Shell from SQL Injection
7. Web Application Exploitation
  1. Cross-Site Request Forgery
  2. File Inclusion Attacks
  3. Clickjacking
  4. Server/Application Misconfigurations
  5. Sensitive Data Exposure
  6. OS Command Injection

Learning Outcomes
At the end of this course, students will be able to:

  1. describe the different technologies making up web applications.
  2. explain the phases of ethical hacking and how they relate to web applications.
  3. perform web application security testing in a lab environment.
  4. report ethical hacking findings in a professional format.
  5. identify vulnerabilities in a lab web application.
  6. describe fixes/recommendations for identified vulnerabilities.
  7. identify tools and resources needed to perform ethical hacking against web applications.
  8. describe source code coding and logic flaws that lead to exploitable weaknesses in web applications.
  9. identify cross-site scripting flaws.
  10. identify SQL injection flaws.
  11. identify file inclusion flaws.
  12. identify OS command injection flaws.
  13. identify authentication flaws.

Minnesota Transfer Curriculum (MnTC): Goals and Competencies
Competency Goals (MnTC Goals 1-6)
None
Theme Goals (MnTC Goals 7-10)
None