COMPUTER SCIENCE AND ENGINEERING DEPARTMENT
IIT Kanpur
CS974: Introduction to Web Security and Network Security
Instructor:
Dr. Sandeep K. Shukla
Computer Science and Engineering Department
Major, Measurable Learning Objectives
Having successfully completed this course, the student will be able to:
- Understand and discover security vulnerabilities arising from browser-side (client-side) threats
- Understand and discover security vulnerabilities arising from server-side threats
- Understand and identify mitigation techniques that reduce the risk of cyber-attacks on web applications
- Understand and discover security vulnerabilities in networked systems, network protocols, and the Internet
- Understand and discover security vulnerabilities in Wireless LANs, and the defense mechanisms against such vulnerabilities
Prerequisites and Co-requisites
The prerequisites for this course are the course on Introduction to Application Security, Mobile Security and Critical Infrastructure Security, the course on Introduction to Cryptography, and the course on Computer Networking I.
Texts and Special Teaching Aids
There is no specific text. All material will be provided via the course website, and all students are required to register on that website for this class. Most communications, assignments, and course material will be available only via the course website. All class videos will also be available there.
Syllabus
Here is a tentative syllabus for the course; it is not set in stone. Some topics may be excluded and others included, depending on the progress of the course.
Network Security [50%]
1. Security Issues in TCP/IP – TCP, DNS, Routing (topics such as basic security problems in TCP/IP, IPsec, BGP security, DNS cache poisoning, etc.)
2. Network Defense tools – Firewalls, Intrusion Detection, Filtering
3. DNSSec, S-BGP, IPSec
4. Threat Models, Denial of Service Attacks, DOS-proof network architecture
5. Wireless-LAN Security – WEP, WPA, WPA2 and WPA3
6. Threat Modeling, Attack Surfaces, and other comprehensive approaches to network design for security
Web Security [50%]
- Security architecture of World Wide Web, Security Architecture of Web Servers, and Web Clients
- Web Application Security – Cross Site Scripting Attacks, Cross Site Request Forgery, SQL Injection Attacks
- Content Security Policies (CSP) in web
- Session Management and User Authentication, Session Integrity
- HTTPS, SSL/TLS
| Module | Topic | No. of Hours |
| --- | --- | --- |
| Introduction | Introduction to Network Security, Web Security, Threat Surfaces, Threat Landscape | 1 |
| Network Security | Security Issues in TCP/IP – TCP, DNS, Routing (topics such as basic security problems in TCP/IP, IPsec, BGP security, DNS cache poisoning, etc.) | 3 |
| | DNSSec, IPsec, S-BGP | 1 |
| | Threat Models, Denial of Service Attacks, DOS-proof network architecture | 1 |
| | Wireless-LAN Security – WEP, WPA, WPA2 and WPA3 | 3 |
| | Network Defense tools – Firewalls, Intrusion Detection, Filtering | 1 |
| | Threat Modeling, Attack Surfaces, and other comprehensive approaches to network design for security | 1 |
| Web Security | Security architecture of World Wide Web, Security Architecture of Web Servers, and Web Clients | 1 |
| | Web Application Security – Cross Site Scripting Attacks, Cross Site Request Forgery, SQL Injection Attacks | 4 |
| | Content Security Policies (CSP) in web; Session Management and User Authentication, Session Integrity | 2 |
| | HTTPS, SSL/TLS | 2 |
| Total | | 20 |