Trust Lab presents an 8-day summer course (June 15-23) by Prof. Kameswari Chebrolu for educators, students, and working professionals from both industry and government organizations.

The course will feature theory sessions in the morning, followed by afternoon labs. Daily quizzes will assess participants’ understanding. Upon course completion, participants will receive a Certificate from IIT Bombay. The course material will be available to the participants for one year from the completion of the course.

In today’s digital world, web security has become a critical concern for individuals, businesses, and governments. This three-module Hands-on Web Security Course led by Prof. Kameswari Chebrolu will equip participants with the necessary expertise to safeguard web applications in an increasingly connected world. Through a combination of theoretical lectures, practical demonstrations, and immersive lab sessions, participants will explore how the web works, its guiding security principles, the various attacks that can be launched against web applications, and how to defend against such attacks, gaining actionable insights in real-world scenarios.

Course Highlights

Rigorous Hands-On Lab Work: Explore real-world web security challenges.

Cutting-Edge Curriculum: Stay ahead of the curve with up-to-date content, ensuring relevance and applicability in today’s rapidly evolving cybersecurity landscape.

Associate with IIT Bombay: Add credibility to your professional profile by becoming a certified professional from IIT Bombay.

Teachers/Educators who want to expand their knowledge to impart web security skills to students effectively, keep abreast of current trends/techniques in cybersecurity, and meet evolving educational demands.

Students who engage in practical lab work and real-world scenarios will gain invaluable hands-on experience and practical skills crucial for future success.

Industry professionals will learn to safeguard digital assets in their respective industry and stay up to date in the evolving cybersecurity landscape.

Government employees will understand the importance of web security in safeguarding government assets. 

The below amounts include 18% GST per participant.

  • Academia (Students & Faculty): INR 41,300
  • Govt./Industry Professionals: INR 57,820
  • Overseas/Foreign National: INR 1,16,820

Participants have the option to avail of accommodation facilities on the IIT Bombay campus for the duration of the course, on a first-come, first-served basis, either in the Institute Guest House or at the hostel, at extra cost. We have limited rooms, which can fill up fast, so please apply at the earliest. However, all participants are encouraged to arrange their own accommodation.

Refer to the FAQs section for more details.

Prof. Kameswari Chebrolu, from the Department of Computer Science and Engineering at IIT Bombay, is the course instructor.  She has conducted numerous teacher-training workshops, impacting over 10,000 educators in specialized Computer Science subjects and the utilization of educational technology tools. Currently, she holds the prestigious Prof. D.M. Dhamdhere Chair for Excellence in Teaching Methods. Prof. Chebrolu’s commitment to excellence has been recognized through awards such as the IITB Excellence in Teaching Award at the departmental level in 2022 and the institute level in 2010.

The course starts on June 15, 2024 (Saturday) and ends on June 23, 2024 (Sunday). However, Sundays are half-days, making a total of 8 days for the course.

Theory lectures with code walkthroughs will be held in the morning lecture slots.

Afternoon slots will be exclusively for lab sessions. There will be immersive lab sessions, where the participants will mostly do activity-based learning, thus gaining practical exposure in tackling system vulnerability and security attacks.

Quizzes will be conducted daily to gauge the understanding of the participants.

Module 1: Web Background

Covers web fundamentals. Topics include: Brief history of the web, what constitutes a web page, browser internals, web protocols, session management, server internals, and the current web security landscape. 

Hand-in-hand with this theory, we will also explore some practical sessions involving the usage of Wireshark to explore web protocol traffic, Firefox/Chrome browser developer tools to inspect/edit web pages, cookies, storage, and OWASP ZAP, a versatile tool for web application security testing.

Focuses on server-side attacks and defense. Topics include: SQL injection, Server-Side Request Forgery (SSRF), information disclosure, command injection, file upload vulnerabilities, authentication, authorization, path traversal, DDoS. Labs will explore a subset of these topics hands-on.

Highlights client-side attacks and defense. Topics include: Cross-Site Request Forgery (CSRF), Cross-Origin Resource Sharing (CORS), Cross-Site Scripting (XSS), WebSockets, Clickjacking. Labs will explore a subset of these topics hands-on.

At the conclusion of the modules, there will also be a lecture on special topics such as Third Party Code, Web LLM attacks, Subdomain Takeover, etc.

Prerequisites: Basic knowledge of the Unix command line, HTML, CSS, JavaScript, and SQL is essential to take full advantage of the course. In theory lectures, all code used to showcase vulnerabilities will be fully explained line by line; in the hands-on labs, however, those without this knowledge will find it difficult to complete the work. Exposure to Python, PHP, or other dynamic web frameworks is also useful but not necessary.

Course Details

What can one learn in the Summer Course on Web Security?
The Web Security Course will equip participants with the necessary expertise to safeguard digital assets and infrastructure in an increasingly connected world. Through a combination of theoretical lectures, practical demonstrations, and immersive lab sessions, participants will explore the intricacies of Web Security, gaining actionable insights that can be applied immediately in real-world scenarios.

Who can attend the course on Web Security?
This course caters to a diverse audience, including students, educators and working professionals from both industry and government sectors. Some knowledge of the Unix command line, HTML, CSS, JavaScript, and SQL is essential to take full advantage of the course. In theory lectures, all code used to showcase vulnerabilities will be fully explained line by line; in the hands-on labs, however, those without this knowledge will find it difficult to complete the work. Exposure to Python, PHP or other dynamic web frameworks is also useful but not necessary.

What is the course format? Is online participation available?
This is an in-person course with no online options. Participants are required to be present in person for the entire 8-day duration of the course.

Can students attend the course?
Yes, a college/university student can participate in the course.

Can teachers attend the course?
Yes, college/university teachers may enroll.

Can international participants attend the course?
Yes, international participants can participate in the Course. The IIT Bombay policy requires international participants to pay a different fee.

How is the summer course conducted?
The course is conducted on the beautiful campus of IIT Bombay from 9.30 am to 6 pm on all 8 days. The course is a combination of lectures and hands-on lab work. The course will run from Saturday of week 1 to Sunday (first half) of week 2 (i.e. 8 days). On most mornings, the course has lectures. On most afternoons, the focus will be lab work. If you are planning to attend the course, make sure to clear all 8 days in your calendar.

Who teaches the course?
Prof. Kameswari Chebrolu of the CSE Department, IIT Bombay is the course instructor. She has also conducted several teacher-training workshops for over 10,000 teachers in specific Computer Science subjects and the use of ed-tech tools. Kameswari Chebrolu currently holds the Prof. D.M. Dhamdhere Chair for Excellence in Teaching Methods. She was also a recipient of the IITB Excellence in Teaching Award at department level in 2022 and the IITB Excellence in Teaching Award at institute level in 2010.

What is the last date of registration for the course?
Each instance of the course will have a formally announced last date of registration (usually a week before the course starts). However, please be aware that each course has a limited number of seats. The number of seats may fill up before that date. On a few occasions in the past, the course got full (and hence had closed for registration) before the announced last date. Also, if you need accommodation on campus, that gets full sooner. So, it is best to register for the course as soon as possible.

Do I need a laptop/tablet to participate in the course?
A laptop is a mandatory requirement because the course material is distributed digitally. You will also need a laptop for the labwork.

How much time does the course take?
Officially, the course has 6 contact hours on a daily basis. This includes the lectures, classroom activities and discussions.

Do I need to read anything before coming to the course?
Please go through the required prerequisites specified above and brush up on those concepts. HTML, CSS, JavaScript, SQL, and Python are covered well at https://www.w3schools.com and the Unix command line at https://www.tutorialspoint.com/unix/index.htm

I have paid for the course. When do I get the receipt? I will be asking for a reimbursement for fees from my organization. Would it be possible to get a receipt sooner?
The Educational Outreach office (formerly known as the CEP office) of IIT Bombay handles all the financial and certification matters of the course. They usually hand over the receipts on the last day of the course. The certificates are sent digitally 45 days after the course to your registered email address. If you have special needs (such as need for an early receipt), mail them (cep [at] iitb.ac.in) or call them on 022-2576 7060.

When is the next course on Web Security?
This course marks the inaugural session of the Web Security Course, scheduled to run for 8 days in the month of June. Stay tuned to our website for further updates on our upcoming sessions.

How will the assessment be done in the Summer Course on Web Security?
There will be a small objective quiz every day based on material covered in the morning sessions. This will predominantly test your understanding (no tricky or difficult questions). Labs also have some marks associated with them. Attendance will also be taken in both morning and afternoon sessions. Based on the attendance and marks obtained in quiz+labs, certification (as indicated below) will be handled.

Do I get a certificate for attending this course?
Yes, and many things have changed recently. Till 2021, the Educational Outreach office of IIT Bombay (formerly known as the CEP office) gave a “Certificate of Participation” to all those who attended the course. From 2022, they introduced “Certificate of Completion”. The Educational Outreach office mails the appropriate certificates about 45 days after the course to your registered email address.

How does the assessment translate to Certificate of Participation and Certificate of Completion?
The Educational Outreach office gives a Certificate of Completion to participants who get above 50% marks in the course assessment. The Educational Outreach office gives a Certificate of Participation to those who get less than 50% marks, but do have sufficient attendance and active participation in the course. The Educational Outreach office mails the appropriate certificates about 45 days after the course to your registered email address.

I have paid for the course. When do I get the certificate?
The Educational Outreach office of IIT Bombay handles all the financial and certification matters of the course. They mail the appropriate certificates about 45 days after the course to your registered email address. If you have any queries or special needs (such as need to change the email address), mail them (cep [at] iitb.ac.in) or call them on 022-2576 7060.

Is accommodation available for participants of the event?
Yes, accommodation is available subject to availability on a first-come, first-served basis.

I would like to stay on the IIT Bombay campus for the duration of the course. How/when do I get a confirmed booking?
We do not guarantee accommodation on campus but can facilitate booking at IITB guest house and hostels. It will be confirmed (subject to availability) after you pay the registration fees. This is a manual process and there could be small delays. If you have requested accommodation but do not receive confirmation within 3 days of paying your fees, please send an urgent email to the Trust Lab admin team at <office.trustlab [at] iitb.ac.in> with “URGENT” in the subject line.

Is the accommodation cost included in the course fees?
No, it isn’t. You will have to pay on checkout like in any hotel. Hostel accommodation costs Rs 350 per night on a sharing basis, while guest house accommodation costs Rs 3000 per night for single occupancy and Rs 2000 per night for double occupancy. Please note that these rates are subject to change as per Institute rules.

How can I pay the accommodation fees?
Participants selecting hostel accommodation will receive payment details and a payment link for online transactions. Those staying at the GH must settle their bills directly at the GH reception.

Is it necessary to stay on the IITB campus during the course?
It is not necessary to stay on campus, but there are several advantages to doing so. If you are going to stay in a hotel in any case (or if you are from Mumbai, but you don’t like to commute), the GH/Hostel offers an alternative (which is often cheaper than many comparable hotels). The course is intense, so staying on-campus is an advantage.

Is the accommodation shared? What is the chance of getting single accommodation?
Accommodation in hostel rooms is shared (Rs 350/night). Those opting for the GH accommodation may opt for either single (Rs 3000 per night) or twin sharing (Rs 2000 per night) arrangements. Alternatively, there are several serviced apartments and hotels near the campus that you could book. They are usually more expensive than the hostel.

Is food included in the accommodation fees?
Food is not included in the accommodation fees. Participants need to take care of their food. For those opting for Guest House, you have an option of availing it at the Guest House by booking in advance. Across the campus, we have a canteen/mess facility and eateries all over. However, you are free to choose as you wish.

I am coming in on the earlier evening/I am leaving in the evening of the last day of the course. Is that OK?
By default, the GH/Hostel room is booked from the night before the first day to the morning after the last day of the course. If your arrival/departure dates are different, send an email to the admin team at <office.trustlab [at] iitb.ac.in> and we will try to help.

I did not get hostel accommodation / I do not want to stay in the hostel. What are the alternatives near IIT Bombay campus?
There are several hotels in the Powai area (The Beatle, Rodas, Keys, Meluha, Marriott Apartments, The Westin). Also, Powai is filled with several serviced apartments. Apart from the busiest days, finding accommodation in Powai should always be possible. However, like everywhere else, cheaper deals go early.

Could you give me precise directions to the venue of the course?
IIT Bombay is in Powai and is well known to auto/taxi/Uber/Ola/Meru drivers. You can always ask for internal directions at the IITB Main Gate. The registration for the course will start at 8:45 am at the CSE Department on the first day. Look out for an email with details on the venue.

  • 9:30 AM – 11:00 AM: Coursework
  • 11:00 AM – 11:30 AM: Break
  • 11:30 AM – 1:00 PM: Coursework
  • 1:00 PM – 2:30 PM: Lunch
  • 2:30 PM – 4:00 PM: Lab session
  • 4:00 PM – 4:30 PM: Break
  • 4:30 PM – 6:00 PM: Lab session