Jul 22, 2024  
2019-2020 Course Catalog 
    
2019-2020 Course Catalog [ARCHIVED CATALOG]

Add to Portfolio (opens a new window)

CVF 2088 - Web Application Hacking

Credits: 3
Hours/Week: Lecture 1 Lab 2
Course Description: This course builds on the topics covered in CVF 2086 , but focuses on web applications. The major phases of penetration testing (Reconnaissance, Vulnerability Analysis and Exploitation) remain the same, however, the tools and techniques for web applications vary greatly. The course will cover how to identify and exploit common web application flaws such as cross-site scripting, SQL injection, authentication flaws and more through hands on labs. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a unique lab web application.
MnTC Goals
None

Prerequisite(s): CVF 1085  and CVF 2086  with grades of C or higher OR instructor consent.
Corequisite(s): None
Recommendation: System administration experience on Microsoft Windows or Linux operating systems.

Major Content
1. Web Application Security

  1. Current State of Web Application Security
  2. Web Application Technologies

2.  Web Application Enumeration

  1. Application Usage
  2. Spidering
  3. Nikto
  4. Error Messages

3. Client Side Controls         

  1. Bypassing JavaScript
  2. Parameter Tampering

4. Authentication and Session Management Flaws

  1. Failing Open
  2. Cookies
  3. Session Hijacking
  4. Authentication Design Flaws

5. Cross-Site Scripting

  1. Identifying and Exploiting Cross-Site Scripting
  2. Automated Exploitation
  3. Bypassing Filters
  4. Escaping/Encoding User Input

6.  SQL Injection

  1. DBMS Technologies
  2. Identifying SQL Injection
  3. Enumerating Information
  4. Gaining a Shell via SQL Injection

7.  Web Application Exploitation

  1. Cross Site Request Forgery
  2. File Inclusion Attacks
  3. Click Jacking
  4. Server/Application Misconfigurations
  5. Sensitive Data Exposure
  6. OS Command Injection

Learning Outcomes
At the end of this course students will be able to:

  1. explain the different technologies making up web applications.
  2. discuss the phases of ethical hacking and how they relate to web applications.
  3. perform web application security testing in a lab environment.
  4. articulate ethical hacking findings in a professional report format.
  5. identify vulnerabilities on a lab web application.
  6. articulate fixes/recommendations for identified vulnerabilities.
  7. identify tools and resources needed to perform ethical hacking against web applications.
  8. explain the coding and logic flaws in source code that lead to exploitable weaknesses in web applications.
  9. identify cross-site scripting flaws.
  10. identify SQL injection flaws.
  11. identify file inclusion flaws.
  12. identify OS command injection flaws.
  13. identify authentication flaws.

Competency 1 (1-6)
None
Competency 2 (7-10)
None


Courses and Registration



Add to Portfolio (opens a new window)