IT Security Summer School. “Web Security” course – theory and practice
The course covered the OWASP Top 10 vulnerabilities. The students learnt about vulnerability types such as cross-site scripting and Server-Side Request Forgery, broken authentication and weak access management, and SQL injection. The principles of network security (routers, firewalls, switches), server security (web server, application server, database server) and application security, including threat countermeasures, were discussed. As a result, students learnt how to design, build, and configure hack-resilient web applications.
Sergei Syroezhkin from Kaliningrad State Technical University led the practical part. Teaching tools such as WebGoat from OWASP and Pentestit from a penetration testing laboratory were used in the practical exercises. Students learnt about and tried out in practice attack types such as SQL injection, cross-site scripting and Server-Side Request Forgery.