Difference between revisions of "Deploying IT Infrastructure Solutions 2013"
(→Security testing of web application.)
|Line 13:||Line 13:|
==Security testing of web application
==Security testing of web application==
Revision as of 19:07, 22 March 2013
This is the student results wiki page for the IP program "Deploying IT Infrastructure Solutions" taking place from 24th of March until 6th of April 2013.
All information regarding the program will be presented on the program web page.
Security testing of web application
- Learn about the security of web applications.
- Find vulnerabilities in known vulnerable web applications.
- Find unknown vulnerabilities in the development version of the web application Study Information Portal (used by eleven universities of applied science in Estonia).
- File a report that describes the methods, tests and findings.
A description of the testing methods and findings (all vulnerabilities that students found in the development environment), delivered as a testing report.
Expectations from students
An understanding of web applications (what the difference between GET and POST is, how sessions work, what a header is, etc.). Knowledge of at least one web programming language (PHP, Java, Ruby, C#, Python is preferred).
Several security-related topics will be covered during lectures and practical classes before the actual testing starts. The lecture covers several attack types and vulnerabilities, such as SQL injection, command injection, XSS and CSRF. Practical classes are based on DVWA (Damn Vulnerable Web Application). After the lectures and practical classes, students will get access to the web application development environment for practical work.
Lecturer: Margus Ernits (Estonian IT College)
Teams and their assignments
Documentation: Demo team
- Member 1, school
- Member 2, school
- Member 3, school