Earn Certification from IIT Bombay

By engaging in practical, real-world exercises, you’ll gain valuable experience in safeguarding web applications. Whether you’re a developer, security professional, or IT enthusiast, this course will arm you with actionable skills to ensure the security of your web applications in an interconnected world.

Number of Credits – 6

Time Commitment – 6-8 hours per week

Course Tenure – 10 weeks

Level – Post-Graduate

Mode – Online

Theory Sessions – 1-2 hrs per week (pre-recorded videos)

Hands-on Labs – 3 hrs per week with TA support

In today’s increasingly connected world, securing web applications is more crucial than ever. This course is designed to provide you with the essential skills needed to protect web applications from the ever-evolving landscape of cyber threats.

With a hands-on approach that dedicates twice as many lab hours as theory, this course offers an in-depth exploration of how the web functions and the core principles of web security. You’ll dive into common web application attacks, understand their mechanisms, and learn effective defense strategies to counteract them.

Program Highlights

Prof. Kameswari Chebrolu is a faculty member in the Department of Computer Science and Engineering at IIT Bombay. Her interests are in developing cutting-edge technology for real-world use and high social impact.

She has conducted numerous teacher-training workshops, impacting over 10,000 educators in specialized Computer Science subjects and the utilization of educational technology tools. Currently, she holds the prestigious Prof. D.M. Dhamdhere Chair for Excellence in Teaching Methods. Prof. Chebrolu’s commitment to excellence has been recognized through awards such as the IITB Excellence in Teaching Award at the departmental level in 2022 and the institute level in 2010.

Prerequisites:

  • Knowledge of the Unix command line
  • Knowledge of Python, HTML, CSS, JavaScript, SQL
  • Knowledge of cryptography highly recommended, though not essential

Web Background

Motivation, brief history, what constitutes a web page, browser internals, web protocols, session management, server internals

Practical sessions will cover:

  • Firefox/Chrome browser developer tools to inspect/edit web pages and network requests
  • OWASP ZAP for web application security testing

Topics to be covered include:

  • SQL (Structured Query Language) Injection
  • Server Side Request Forgery (SSRF)
  • Information Disclosure
  • Command Injection
  • File Upload Vulnerabilities
  • Authentication and Authorization
  • Path Traversal
  • Vulnerabilities in APIs
  • Denial of Service (DoS) Attacks
  • JWT Attacks

Practical sessions will explore a subset of these server-side attacks and defenses hands-on.

Topics to be covered include:

  • Cross Site Request Forgery (CSRF)
  • Cross Origin Resource Sharing (CORS)
  • Cross Site Scripting (XSS)
  • Web Sockets
  • Clickjacking

Practical sessions will explore a subset of these client-side attacks and defenses hands-on.

  • Anatomy of web attacks, OWASP top 10, CVE database, and CVSS scores
  • Overall Defense, Web Application Firewalls and Best Practices

Regular Category

Anyone with a recognized 3 or 4 year undergraduate degree in engineering or computer science related area

– Any student currently enrolled in a recognized 4-year UG academic program in any branch of Engineering (BE/BTech) or a 3 year UG academic program in Computer Science related areas (BSc/BCA etc.). Should have completed 2 years of course work.

– Any student currently enrolled in a PG academic program in any branch of Engineering (MS/MTech) or in Computer Science related areas (MCA, MSc)

Any teacher currently teaching in a recognized engineering or computer science related college

Different categories have different fees (inclusive of taxes) for this course:

Industry professionals: INR 45,500
Students: INR 36,000
Teachers/Educators: INR 40,000

Bulk registration discount can be availed by organizations for 10 or more registrations.

Certificate of Participation: Need to meet the minimum attendance requirement of 70%; the exam is not necessary.

Certificate of Completion: Need to meet both the attendance requirement of 70% and pass the course with a DD or better grade.

IIT Bombay follows a letter grading system: AA-DD. Grading is based on continuous assessment (25%) as well as a proctored final exam at the IITB campus (75%). The date of the proctored exam will be released at the start of the course.