Google Code University

Web Security

As more and more information is available on the web, securing that data becomes increasingly important to protect users.

Contributed Course Content

These course material submissions from industry and academia are designed to help teach web security to students around the world.


by Neil Daswani
Summer 2007
This submission contains two lectures and a programming assignment that is designed to introduce students to web-based security.

Video Lectures

These videos are great opportunities for students and faculty to hear directly from some of the current pioneers in high-tech. They can also potentially serve as "guest lectures" for courses in these areas.


How to Break Web Software

    Presenter: Mike Andrews

    Mike Andrews looks at how web applications are attacked, walks through a testing framework for evaluating the security of an application, and takes deep dives into a few interesting and common vulnerabilities and how they can be exploited.




What Every Engineer Needs to Know About Web Security and Where to Learn It

    Presenter: Neil Daswani

    This talk discusses recent trends in security, and what every engineer needs to know to prevent the most significant emerging threats such as cross-site scripting and SQL injection attacks.

    Just as every engineer might use object-oriented design principles to achieve extensibility and re-usability, every engineer needs to employ principles such as the principle of least privilege, fail-safe stance, and protecting against the weakest link to achieve security.

    Instead of focusing on "tips" and "tricks" that allow you to "band-aid" the security of your systems, Neil discusses how to derive defenses based on the application of security principles, such that you can determine how to deal with new threats as they come along or application-specific threats that might be relevant to your domain.

    Finally, Neil presents some statistics on the current state of software security vulnerabilities, and discusses existing and upcoming challenges in the field of software security.