Course syllabus - Penetration Testing for Web Applications
Scope
7.5 credits
Course code
DVA510
Valid from
Autumn semester 2025
Education level
Second cycle
Progressive Specialisation
A1F (Second cycle, has second-cycle course/s as entry requirements).
Main area(s)
Computer Science
School
School of Innovation, Design and Engineering
Ratified
2025-01-16
Literature lists
Course literature is preliminary up to 8 weeks before course start. Course literature can be valid over several semesters.
Objectives
This course aims to provide the students with basic knowledge and practical skills in penetration testing of web applications. By exploring the most common vulnerabilities and attack methods, the students will learn how to effectively identify and exploit security flaws. The goal is to provide a solid understanding of the penetration testing process, including planning, execution and reporting of results. The students will also gain hands-on experience with tools and techniques used in the industry, giving them the ability to strengthen the security of web applications and contribute to a safer digital environment.
Learning outcomes
After completing the course, the student should be able to:
1. demonstrate an understanding of web application architecture and function, and apply this knowledge to conduct effective penetration testing activities,
2. identify and analyze the most common vulnerabilities in web applications, as well as demonstrate the ability to exploit these flaws during the penetration testing process,
3. apply various penetration testing techniques and tools to conduct thorough security analyses of web applications and report the results, and
4. apply and recommend security measures to make web applications more resilient to attacks.
Course content
The course focuses on the central characteristics of web applications with a particular focus on penetration testing and security challenges related to different actors, including users, application providers and providers of services and code libraries. The students will explore a range of web security concepts, such as authentication, authorization, access control and session management. The course also includes a review of different types of attacks, with special emphasis on injection attacks where code can be executed on the client or server side.
In addition to learning about attacks, participants will also gain insights into effective defenses and security measures used to protect web applications. By combining theoretical knowledge with practical applications, students will be prepared to identify and manage security risks affecting web applications.
Specific requirements
120 credits, of which 80 credits in the subject of technology, including Cybersecurity Fundamentals 7.5 credits at advanced level and 30 credits in programming or software development. In addition, Swedish B/Swedish 3 and English A/English 6 are required. In cases where the course is given in English, exceptions are made to the requirement for Swedish B/Swedish 3.
Examination
Project (PRO1), an assignment that is presented with a report and a demonstration of the project, 2.5 credits, examines the learning outcomes 1-4, marks Fail (U) or Pass (G).
Written examination (TEN1), 5 credits, examines the learning outcomes 1-4, marks Fail (U), 3, 4 or 5.
A student who has a certificate from MDU regarding a disability has the opportunity to submit a request for supportive measures during written examinations or other forms of examination, in accordance with the Rules and Regulations for Examinations at First-cycle and Second-cycle Level at Mälardalen University (2020/1655). It is the examiner who takes decisions on any supportive measures, based on what kind of certificate is issued, and in that case which measures are to be applied.
Suspicions of attempting to deceive in examinations (cheating) are reported to the Vice-Chancellor, in accordance with the Higher Education Ordinance, and are examined by the University’s Disciplinary Board. If the Disciplinary Board considers the student to be guilty of a disciplinary offence, the Board will take a decision on disciplinary action, which will be a warning or suspension.
Grade
Pass with distinction, Pass with credit, Pass, Fail
Interim Regulations and Other Regulations
The course completely overlaps with DVA489 Web Security.