As more and more information is available on the web, securing that data becomes increasingly important to protect users.
Tip: Check out the Web Security Google Code University Forum to ask and answer questions.
These course material submissions from industry and academia are designed to help teach web security to students around the world.
This submission contains slides that complement each of the chapters in the book "Foundations of Security: What Every Programmer Needs To Know" for use by instructors and students alike. The slides cover secure design principles, common web application vulnerabilities, an introduction to cryptography, and much more!
This submission contains two lectures and a programming assignment that is designed to introduce students to web-based security.
This guide complements the Web Application Exploits and Defenses codelab, a hands-on tutorial that teaches students how web applications are exploited and how they can defend their applications against attack. While the codelab is self-paced, it is suitable for use in courses covering application security and this guide offers exercises that can be used to augment the codelab in that setting.
These videos are great opportunities for students and faculty to hear directly from some of the current pioneers in high-tech. They can also potentially serve as "guest lectures" for courses in these areas.
Presenter: Mike Andrews
Mike Andrews looks at how web applications are attacked, walks through a testing framework for evaluating the security of an application and takes some deep-dives into a few interesting and common vulnerabilities and how they can be exploited.
Presenter: Neil Daswani
This talk discusses recent trends in security, and what every engineer needs to know to prevent the most significant emerging threats such as cross-site scripting and SQL injection attacks.
Just as every engineer might use object-oriented design principles to achieve extensibility and re-usability, every engineer needs to employ principles such as the principle of least privilege, fail-safe stance, and protecting against the weakest link to achieve security.
Instead of focusing on "tips" and "tricks" that allow you to "band-aid" the security of your systems, Neil discusses how to derive defenses based on the application of security principles, such that you can determine how to deal with new threats as they come along or application-specific threats that might be relevant to your domain.
Finally, Neil presents some statistics on the current state of software security vulnerabilities, and discusses existing and upcoming challenges in the field of software security.
Presenter: Neil Daswani
Over the past few years, malware spreading primarily by infecting web pages has been a significant emerging trend that has become so significant that the major search engines (including Google, Yahoo, and MSN) and browsers (such as Firefox, Chrome, and IE 8) have been blacklisting infected web pages to protect users. This presentation provides statistics about this trend, and discusses how we can scalably defend websites from the problem via an open-source, security-as-a-service model that enables hosting providers to protect web sites that they host. I'll also discuss how Dasient's technology platform provides automated diagnosis, monitoring, and quarantining of web-based malware, and a few ways in which search engines, technology providers like Dasient, and hosting providers can collaborate to control the spread of web-based malware.