CSIS-3385 Database and Web Vulnerability and Security


Jon-Mikel Pearson

Credit Spring 2024


Section(s)

CSIS-3385-001 (83699)
LEC DIL ONL DIL

LAB DIL ONL DIL

CSIS-3385-003 (83793)
LEC Th 6:00pm - 8:30pm HLC HLC4 1215.05

LAB Th 8:30pm - 9:30pm HLC HLC4 1215.05

Course Rationale

To introduce students to a broad range of web and database vulnerabilities and security issues using various methodologies evolved from OWASP and other sources. Students will also learn how to defend against these attacks as well as how to mitigate risks. Students will also be able to apply these principles to e-commerce web applications and mobile devices.


Student Learning Outcomes/Learning Objectives

  1. Examine basic database and web application security models
  2. Apply database and web application security standards
  3. Recommend cryptographic requirements as they pertain to database and web applications
  4. Evaluate mobile platform attack vectors
  5. Assess insider threats and malware
  6. Develop plans for mitigating risks
  7. Perform web application vulnerability assessments
  8. Prepare reports based on web vulnerability analyses and recommendations

Course Requirements

Grades will be assigned based both on concepts and practical application. An overall grade will be assigned on the following grading scale:

  90 - 100%    A
  80 - 89.9%   B
  70 - 79.9%   C
  60 - 69.9%   D
  0 - 59.9%    F

Time Commitment: This class is a junior-level college class. Please plan on spending roughly 12 hours a week dedicated to this class.

Reading Assignments: All assigned readings and supplemental material will be used as a basis for class discussions, labs, projects, and assessments. Students are expected to study the assigned readings and materials before each class meeting and may be called upon at random to participate in discussions.

Class Participation: For in-person sections, attendance is required for all days the campus is open. For distance learning students, there is no attendance. 

Quizzes: There will be quizzes throughout the semester to assist with reinforcing concepts introduced through readings and supplemental materials. These quizzes will take a variety of formats.

Exams: There will be one midterm and one final exam, each of which may consist of a written component, a practical, or a combination of both. Whether you are taking this class in person or online, the test will open at midnight on Wednesday and you have until 10pm the next day (Thursday) to complete it. Please make sure you schedule time for this. There are no makeups on the midterm and final.

Projects: In this course, you will have projects which will be used to enhance your knowledge of topics covered in this class. Projects may, or may not, reflect current topics but may be used to refresh previous topics or to introduce new topics to ensure success in this course. Projects may be assigned on an individual basis or as a group. If assigned as a group, all group members will receive the same grade.

Labs: In this course, you will have labs, each with its unique purpose. These labs are all about hands-on practice, helping you truly grasp the important concepts we cover. Some of these labs will be from the book while others are custom made. You can find detailed instructions for each lab assignment on Blackboard. Make sure to read each lab thoroughly on Blackboard BEFORE attempting.

Assessment Report and Presentation:

In this course, you will have the opportunity to work in groups to author ONE vulnerability and assessment report on a fictional company. This report will include all aspects of the assessment, including the different types of reconnaissance used to verify/test vulnerabilities, the scope and methodologies used for these assessments, and recommendations on how to mitigate exposure to these vulnerabilities. Each member is expected to participate in the report writing process. Each member will receive the same grade.

The final part of the assessment report is a group presentation. Generally, this should be done as a slide show presentation with all members of the group participating. The goal is to convince the fictional company to follow your recommendations immediately. All members of the group will receive the same score for the presentation.

The plan is for all groups to present on May 2nd, whether in person or virtually. I will send out a signup sheet in advance. In the event your group cannot present "live", please record the presentation and submit it through Blackboard for credit. Those who do not participate in the presentation will receive an automatic zero for a grade.


Readings

Approved Course Texts/Readings:

Internet Security and Web Applications, Second Edition by Mike Harwood and Ron Price, Jones & Bartlett Publishing
ISBN:
This book is part of your tuition and you will have access to it through Blackboard.

Web Penetration Testing with Kali Linux, Third Edition by Gilberto Najera-Gutierrez and Juned Ahmed Ansari, available for FREE through O'Reilly Books for Higher Education

NOTE: Unless noted, readings are from the Harwood book.


Course Subjects

The instructor reserves the right to make changes to this syllabus and schedule during the semester for the benefit of the students. Any changes that affect grades or grading will be made as needed.

Also, there may be supplemental material added to the syllabus in order to benefit the student. These supplements may include videos, outside readings, special presentations, news articles, case studies, etc. You are responsible for these materials as outlined on Blackboard.

Week 1
  Readings: Chapter 1: From Mainframe to Client…
  Lab: Pre-Lab Work
  Assignment: QUIZ #1

Week 2
  Readings: Chapter 15: Web Application Security Organizations
  Lab: Lab #1
  Assignment: Project #1

Week 3
  Readings: Chapter 6: Intro to Web Application Security …
  Lab: Lab #2
  Assignment: QUIZ #2

Week 4
  Readings: Chapter 7: Securing Web Applications
  Lab: Lab #3
  Assignment: Project #2

Week 5
  Readings: Chapter 8: Mitigating Web Application Vulnerabilities
  Lab: Lab #4
  Assignment: QUIZ #3

Week 6
  Readings: Chapter 11: Performing a Website Vulnerability and Security Assessment
  Lab: Lab #5
  Assignment: Project #3

Week 7
  Readings: Chapter 10: Testing/Quality Assurance for Prod…
  Lab: Lab #6
  Assignment: QUIZ #4

Week 8
  Midterm
  Assignment: Midterm

Week 8.5
  SPRING BREAK

Week 9
  Readings: Web Penetration Testing: Introduction to Penetration Testing and Web Applications; Reconnaissance and Profiling the Web Server
  Lab: Lab #7
  Assignment: Project #4

Week 10
  Readings: Web Penetration Testing: Detecting and Exploiting Injection-Based Flaws; Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
  Lab: Lab #8
  Assignment: QUIZ #5

Week 11
  Readings: Web Penetration Testing: Attacking Flaws in Cryptographic Implementations; Other Common Security Flaws in Web Applications
  Lab: Lab #9
  Assignment: Project #5

Week 12
  Readings: Chapter 4: Mitigating Risk with Internet; Chapter 5: Mitigating Website Risks
  Lab: Lab #10
  Assignment: QUIZ #6

Week 13
  Readings: Chapter 2: Security Considerations Small Businesses; Chapter 3: Security Considerations for Home…
  Lab: Lab #11
  Assignment: Project #6

Week 14
  Readings: Chapter 9: Maintaining PCI DSS…
  Lab: Lab #12
  Assignment: QUIZ #7

Week 15
  Readings: Chapter 12: Securing Mobile Communications; Chapter 13: Securing Personal and Business Communications; Chapter 14: Security Training, Education, and Certification
  Assignments: Presentations; Assessment Report

Week 16
  Final
  Assignment: Final

Technology Requirements

For ALL students, you must be able and willing to install software and applications on your own, including virtual machines.

Computer/Laptop (minimal) recommendations:

  1. i5 Intel processor (but i7 is better)
  2. 16GB RAM (32GB RAM is better)
  3. 500GB SSD (500GB/1TB NVMe M.2 SSD is better)

This class can be done with a Mac, but it may require some outside research on how to use the tools and software.


Office Hours

F 2:00 PM - 5:00 PM Highland Campus 2.2200

NOTE: Or by appointment. Please see the syllabus on how to set up a meeting.

Published: 01/01/2024 11:28:07