IT Security Summer School. “Web Security” course – theory and practice


The Web Security course took place on 25 – 26 July 2016 during the St Petersburg Summer School. Olena Tkachova from Kharkiv National University of Radio Electronics presented the theoretical part of the course. The theoretical part included an overview of the main principles of how client-server architecture functions, and of current threats, vulnerabilities and attacks on the client and server sides. Olena focused on the foundational principles of web security and on countermeasures that make it possible to prevent attacks and develop secure web applications. The vulnerabilities and attacks that affect web applications at the network, host, and application levels were enumerated and identified.
The OWASP Top 10 vulnerabilities were reviewed in the course. The students learnt about such types of vulnerabilities as cross-site scripting and Server-Side Request Forgery, broken authentication and weak access management, and SQL injection. The principles of network (router, firewall, switches), server (web server, application server, database server) and application security, including threat countermeasures, were discussed. As a result, students gained knowledge of how to design, build, and configure hack-resilient web applications.
Sergei Syroezhkin from Kaliningrad State Technical University provided the practical part. Teaching tools such as WebGoat from OWASP and the Pentestit penetration testing laboratory were used in the practical exercises. Students learnt about and tried out in practice such types of attacks as SQL injection, cross-site scripting and Server-Side Request Forgery.