Web Application Security
Links from the class materials and other supplemental information, grouped by chapter:
Chapter 1: Introduction
Chapter 2: Web application security
Links from the text:
Chapter 3: How HTTP works
Links from the text:
Chapter 4: Cryptography in Web Applications
Links from the text:
Chapter 5: Attacking Web Applications
Links from the text:
Additional links (not from the course text) or software needed for the chapter:
nikto-2.02.tar.gz
web-developer-1.1.6.xpi
burpsuite_v1.1.zip
paros-3.2.13-unix.zip
paros-3.2.13-win.dat
paros-3.2.13-win.exe
paros-3.2.13-src.zip
paros_user_guide.pdf
WebGoat-OWASP_Standard-5.1.zip (for Linux and Windows)
webgoat-5.1.sh (startup file for Linux)
webscarab-installer-20070504-1631.jar
webscarab-selfcontained-20070504-1631.jar
webscarab-src-20070504-1631.zip
switchproxy_tool-1.4.1-fx+mz+tb.xpi
tamper_data-10.0.4-fx.xpi
Chapter 6: The user controls the client: input validation
Links from the text:
Chapter 7: State and the web
Links from the text:
Chapter 8: Cross-site scripting (XSS)
Links from the text:
Chapter 9: Fail securely
Links from the text:
Chapter 10: XML Security
Links from the text:
Additional links (not from the course text) or software needed for the chapter:
check-xml.pl
testfile.xml
testfile-good.xml
sample.dtd
INSTALL-CHECKER
Chapter 11: AJAX Security
Links from the text:
Chapter 12: Cross-site request forgery (CSRF)
Links from the text:
Chapter 13: Mashups
Links from the text:
Chapter 14: Other Injection attacks
Links from the text:
Chapter 15: Web services security overview
Links from the text:
Chapter 16: SOAP Security Issues
Links from the text:
Additional links (not from the course text) or software needed for the chapter:
You will need these files for the lab:
CheckList.pm
names.txt
soap-client.pl
soap-server.pl
These are the modified versions as the lab describes:
soap-client-sol.pl
soap-server-sol.pl
Chapter 17: Web Services
Links from the text:
Chapter 18: Mapping the target web site and server
Links from the text:
SkillBridge Training
Examples from the class notes (or all as one file).
Selected Solutions from the class notes (no looking until you have solved the problems!). Note that all solutions are in an appendix of your course book.
All solutions in a compressed tar file.
Evaluation form (if needed)