Web Hacking and Defending Web 攻防技術 (FJU-CSIE-Fall 2016)

 

Class Time: Tue 9:10a - Noon Location: SF648
Instructor: Dr. Hsing Mei Office: SF625
Email: mei@csie.fju.edu.tw Phone: 29053704
Office Hour: Mon/Thur 1:30-4:30pm, or by appointment
TA:
許舜博 paul.hsu@weco.net (SF638)
胡翔喻 kevinhu@weco.net  李孟霈 asdfg3865@gmail.com蔡維成 simongoodss@gmail.com
Office Hour of TA: Tue 13:30~15:30​,Fri 9a-Noon, or by appointment

 

Course Objective:
The objective of this course is to introduce the security issues associated with Web 2.0, which including hacking and defending methodologies. Students are expected to apply coding and management techniques to protect the web applications.

 

Prerequisites: Web Fundamentals.

Post-studies: Distributed System, Web Computing.

 

※ Grading:

Class Participation (2 SLS Post x 5%): 10% + Bonus (金盾獎, …)

Labs (Individual): 30%  (Demo)

Collaborated Note (Team): 30%

Term Project (Team, Hands-on): 30%

 

※ Text Book:
http://sls.weco.net/CollectiveNote20/Security
W: H. Wu, and L Zhao, Web Security: A WhiteHat Perspective, Auerbach Publications, April 2015, ISBN-13: 978-1466592612
E: Shreeraj Shah, Web 2.0 Security - Defending AJAX, RIA, AND SOA, Charles River Media, Dec 2007, ISBN-13: 978-1584505501.
http://my.safaribooksonline.com/9781584505501
http://shreeraj.blogspot.com
Dafydd Stuttard, and Marcus Pinto, The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition, Wiley, September 2011,ISBN-13: 978-1118026472
Hanqing Wu, and Liz Zhao, Web Security: A WhiteHat Perspective, Auerbach Publications, April 2015,ISBN-13: 978-1466592612
C: 柯志杰譯, 網頁程式駭客攻防實戰--以 PHP 為例, 旗標出版社, 2007, ISBN:9789574424603.Cyber Joe, PHP CyberTero no Giho – Kogeki to Bogyo no Jissai, Socym(Japan), 2005

 

※References Book:
A. Belapurkar, etc., Distributed Systems Security – Issues, Process, and Solutions, Wiley, 2009
W. Stallings, Cryptography and Network Security. Principles and Practice, 3rd edition, Prentice Hall, 2002
D. Stuttard and M. Pinto, The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, Wiley, 2007
John Erickson, Hacking: The Art of Exploitation, 2nd Edition, No Starch Press, 2008
Page: http://sls.weco.net/f15-webhack
SLS Group: http://sls.weco.net/course/webhack
Bookmarking: http://del.icio.us/FJU_Security
Grade Enquiries: http://www.elearn.fju.edu.tw/icanxp/
 

Team Report (Team of 4-5):

  1. Survey and/or implementation one of the Collaborated Note topics.
  2. Working on Collaborated Notes.
  3. Written project proposal due 11/8 on SLS course group and FB.
  4. Team Leader is responsible for ALL post on SLS.
  5. ALL member should participate the final demo and presentation.
  6. Cross Grading

              Intra-team effort: 70% Team grade, 30% Individual grade

              Inter-team grade: Due after each demo/oral presentation class

 

共同筆記 2.0 “Web攻防技術” Topics (10Topics): 第一堂課後, Facebook  WECO – Web Hacking and Defending  課程社群開放分組競標http://sls.weco.net/node/27574  

  1. Pokemon Go Hacking - Shaolin Hsu          
  2. Game Hacking and Security - BZ
  3. 用 OWASP Mobile Top 10 檢驗 APP - Henry       
  4. WebView and APP Security - Anfa
  5. IoT Security - Allen
  6. TBA - Orange     
  7. CTF (TBA) - Hsun      
  8. DNS Applications and Security - Loyo
  9. 台灣資安事件攻防 - Bowen Hsu     
  10. TBA - Jeff
 
PS:
同學網路內容的發表請注意智慧財產權相關規定. 其它有關課程使用Social Learning Space (SLS), 課程活動(Google Calendar), 投影片下載, 上課錄影(YouTube), 3D虛擬世界系統(包括 Second Life), 社交網路應用 (包括Facebook)等網路應用上本課程相關群組/頻道/社群的使用, 課程參與(含共同筆記)的計分, 及一般課程及上課注意事項, 請詳閱 HW0.
 
 
Date Course Content  
9/13 Course Introduction, Secirity Review Dr.M
9/20 Pokemon Go Hacking  Shaolin Hsu
9/27 資安素養, War Game Fundamental Post1 Due Steve(1)
10/4 Input validation, SQL Injection, WarGame 2 Steve(2)
10/11 Cookie Spoofing, Session Hijacaking, WarGame 3 Steve(3)
10/18 Game Hacking and Security  BZ(皓文)
10/25 用 OWASP Mobile Top 10 檢驗 APP Henry Yang (皇毅)
11/1 WebView and APP Security Anfa Sam
11/8 (Midterm) 企業資安事件分析 / Ransomware 簡介  Project Proposal Due Allen Own
11/15 軟體分析與遊戲修改 Orange Tsai
11/22 搶旗看世界 - CTF 蜘子珣(Yen Hsun)
11/29 DNS Applications and Security Loyo Fulamce
12/6 台灣企業常見資安弱點 Bowen Hsu
12/13 創業資安問題與解決 小胖 (Jeff Tsai)
12/20 資安職涯規劃   Post 2 Due Sky Yu
12/27  Project Presentation Judges
1/3  Project Presentation Judges
1/10  Due