CSS 438: Security Strategies for Web Applications and Social Networking

Course Description

This course will focus on how internet and web-based applications have transformed the way businesses, organizations, and people communicate. With this transformation comes new risks, threats, and vulnerabilities for web-based applications and the people who use them. This course presents security strategies to mitigate the risk associated with Web applications and social networking. (3 credits)

Prerequisites

  • ENG 101: English Composition 1
  • ENG 102: English Composition 2
  • ITE 145: Fundamentals of Information Systems Security
  • ITE 220: Networking & Data Communications (Recommended)

Student Learning Outcomes (SLOs)

Students who successfully complete this course will be able to:

  1. Analyze the impact of the Internet and Web applications on the business world.
  2. Analyze common personal online security threats and risks.
  3. Compare and contrast Web-based risks.
  4. Describe the attributes and qualities of the software development life cycle and secure coding practices.
  5. Analyze the role and importance of audit and compliance to Web application security.
  6. Analyze the role and importance of quality assurance testing for Web applications.
  7. Explain the value and importance of vulnerability and security assessments for Web applications.
  8. Describe popular mobile devices and communications technologies, and their security risks.
  9. Identify store-and-forward and real-time communications, and the threats against them.
  10. Describe common areas of the IT industry and the roles each plays in creating secure environments.

Course Activities and Grading

AssignmentsWeight

Discussions (Weeks 1-3, 6 & 8)

6%

Lab Assignments (Weeks 1-7)

20%

Written Assignments (Weeks 1, 2, 4 & 7)

8%

Project (Weeks 2-8)

37%

Quizzes (Weeks 4-7)

4%

Final Exam (Week 8)

25%

Total

100%

Required Textbooks

Available through Charter Oak State College's online bookstore

  • Harwood, Mike. Internet Security: How to Defend Against Attackers on the Web - Print Bundle for LMS Integrations. 2nd ed. Sudbury, MA: Jones & Bartlett, 2016. ISBN-13: 9781284159660
    • Note: This is a bundle which includes the textbook and the Access Code required for this course. We discourage students from purchasing “used” materials from other sources due to access codes not working properly.

Course Schedule

Week

SLOs

Readings and Exercises

Assignments

1

1,2

Topics: Business Evolution, the Internet & Security Considerations

  • Readings:
    • Chapter 1: From Mainframe to Client/Server to World Wide Web
    • Chapter 2: Security Considerations for Small Businesses
    • Chapter 3: Security Considerations for Home and Personal Use
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 1 Labs
    • Evaluating Web Server Vulnerabilities
    • Obtaining Personally Identifiable Information through Internet Research
  • Submit Week 1 Assignment
    • Common Security Vulnerabilities in E-commerce Applications

2

3

Topics: Understanding & Managing Risk in Web Applications

  • Readings:
    • Chapter 4: Mitigating Risk When Connecting to the Internet
    • Chapter 5: Mitigating Web Site Risks, Threats, and Vulnerabilities
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 2 Lab
    • Performing a Post-Mortem Review of a Data Breach Incident
  • Submit Week 2 Assignment
    • DoS Attacks and Defense Measures
  • Submit Project Part 1: Identify E-business and E-commerce Web Apps for Planned Transformation
  • Submit Project Part 2: Identify Social Networking Apps for Planned Transformation

3

3

Topics: Identifying & Classifying Weaknesses in Web Applications

  • Readings:
    • Chapter 6: Introducing the Web Application Security Consortium (WASC)
  • Read assigned chapter
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 3 Labs
    • Exploiting Known Web Vulnerabilities on a Live Web Server
  • Submit Project Part 3: Identify Risks, Threats, and Vulnerabilities

4

4

Topic: Strategies for Developing Secure Web Applications

  • Readings:
    • Chapter 7: Securing Web Applications
    • Chapter 8: Mitigating Web Application Vulnerabilities
  • Read assigned chapters
  • Review the Lecture material
  • Submit Week 4 Lab
    • Apply OWASP to a Web Security Assessment
  • Submit Week 4 Assignment
    • Best Practices for Software Configuration Management (SCM)
  • Submit Project Part 4: Web Application Vulnerabilities and Motivations for Attack
  • Complete Quiz 1

5

5

Topic: Maintaining PCI DSS Compliance for E-Commerce Web Sites

  • Readings:
    • Chapter 9: Maintaining PCI DSS Compliance for E-Commerce Websites
  • Read assigned chapter
  • Review the Lecture material
  • Submit Week 5 Lab
    • Applying Regulatory Compliance Standards
  • Submit Project Part 5: Analyze the Software Development Life Cycle
  • Complete Quiz 2

6

6,7

Topics: Testing, Quality Assurance and Website Vulnerability Security Assessments

  • Readings:
    • Chapter 10: Testing and Quality Assurance for Production Web Sites
    • Chapter 11: Performing a Web Site Vulnerability and Security Assessment
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 6 Labs
    • Perform Dynamic and Static Quality Control Testing
    • Perform an IT and Web Application Security Assessment
  • Submit Project Part 6: Plan for Compliance
  • Complete Quiz 3

7

8,9,10

Topics: Securing Mobile, Personal and Business Communications

  • Readings:
    • Chapter 12: Securing Mobile Communications
    • Chapter 13: Securing Personal and Business Communications
    • Chapter 14: Security Trends, Training, Education and Certification
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 7 Labs
    • Recognize Risks and Threats Associated with Social Networking and Mobile Communications
    • Implementing a Security Development Lifecycle (SDL) Plan
  • Submit Project Part Project: Part 7: Configuration Management, Change Management, and Test Plans
  • Submit Project: Part 8: Vulnerability and Security Assessment
  • Complete Quiz 4

8

1-10

Topics: Course Review and Final Examination

  • Readings:
    • Chapter 15: Web Application Security Organizations
    • Review the material from the previous weeks to prepare for Final Exam
  • Read assigned chapter
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 8 Assignment
    • A Comparison of Security Agencies
  • Submit Project: Part 9: Mobile Device Security
  • Submit Project Part 10: Web Security Life Cycle
  • Complete Final Exam
  • Complete the Course Evaluation

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.