Module details for Ethical Hacking 2

Description

This module develops a critical understanding of advanced techniques used by Ethical Hackers to examine the security of web applications.

Aims

The aim of this module is to provide the student with an understanding of advanced computer hacking and the countermeasures that a company can take to minimise their effect.

Learning Outcomes

By the end of this module the student should be able to:

1.  Analyse and critically evaluate techniques used to test web application security.

2.  Critically evaluate specific countermeasures to advanced hacking techniques

3.  Demonstrate a critical evaluation of an advanced security topic with an independent project.

Indicative Content

1 Overview of Web Application

Core Defence Mechanisms. Handling User Access, Authentication, Session Management, Access Control.

2 Web Application Technologies

HTTP Protocol, Requests, Responses and Methods. Encoding schemes. Server side functionality technologies (Java, ASP, PHP).

3 Injecting Code

Attacking SQL Servers, using SQL injection, E-Mail header injection. PHP injection. Other injection attacks. Preventive Measures.

4 Bypassing Client Side Controls

Manipulating cookies, tampering with parameters and URL's. Web proxies.

5 Attacking Authentication

Attacking Session Management, Design Flaws in Authentication Mechanisms Attacking Forgotten Password Functionality, attacking Password change functions. Countermeasures to authentication attacks

6 Cross Site Scripting (XSS)

Reflected XSS Vulnerabilities, Stored XSS Vulnerabilities, DOM-Based XSS Vulnerabilities. Countermeasures to XSS.

7 Web Server Security

Popular web servers and common security threats. Attacks against IIS and Apache. Increasing web server security. Countermeasures (e.g. correct Web Application Set-up).

8

Teaching and Learning Work Loads