Course syllabus - Penetration Testing for Web Applications
Scope
7.5 credits
Course code
DVA518
Valid from
Autumn semester 2026
Education level
Second cycle
Progressive Specialisation
A1F (Second cycle, has second-cycle course/s as entry requirements)
Main area(s)
Computer Science
Organisation
Department of Computer Science & Engineering
Ratified
2025-11-03
Literature lists
Course literature is preliminary up to 8 weeks before course start. Course literature can be valid over several semesters.
Objectives
This course aims to provide the students with basic knowledge and practical skills in penetration testing of web applications. By exploring the most common vulnerabilities and attack methods, the students will learn how to effectively identify and exploit security flaws. The goal is to provide a solid understanding of the penetration testing process, including planning, execution and reporting of results. The students will also gain hands-on experience with tools and techniques used in the industry, giving them the ability to strengthen the security of web applications and contribute to a safer digital environment.
Learning outcomes
After completing the course, the student should be able to:
- demonstrate an understanding of web application architecture and function, and apply this knowledge to conduct effective penetration testing activities,
- identify and analyze the most common vulnerabilities in web applications, as well as demonstrate the ability to exploit these flaws during the penetration testing process,
- apply various penetration testing techniques and tools to conduct thorough security analyses of web applications and report the results, and
- apply and recommend security measures to make web applications more resilient to attacks.
Course content
The course focuses on the central characteristics of web applications with a particular focus on penetration testing and security challenges related to different actors, including users, application providers and providers of services and code libraries. The students will explore a range of web security concepts, such as authentication, authorization, access control and session management. The course also includes a review of different types of attacks, with special emphasis on injection attacks where code can be executed on the client or server side.
In addition to learning about attacks, participants will also gain insights into effective defenses and security measures used to protect web applications. By combining theoretical knowledge with practical applications, students will be prepared to identify and manage security risks affecting web applications.
Specific requirements
120 credits, of which 80 credits in the subject of engineering, including Cybersecurity Fundamentals 7.5 credits at advanced level and 30 credits in programming or software development. In addition, Swedish course 3 or Swedish level 3 and English course 6 or English level 2 are required. For courses given entirely in English, exemption is made from the requirement in Swedish course 3 or Swedish level 3.
Examination
PRO1, Project, 2 credits, examines the learning outcomes 1-4, marks Fail (U) or Pass (G).
SEM1, Seminar, 5.5 credits, examines the learning outcomes 1-4, marks Fail (U), 3, 4 or 5.
A student who has a certificate from MDU regarding disability study support can request adaptations for the examination. It is the examiner who takes decisions on any adaptations, based on the certificate and other conditions.
Grade
Grading scale: 5, 4, 3
Interim Regulations and Other Regulations
The course completely overlaps with DVA489 Web Security and DVA510 Penetration Testing for Web Applications.