|
Teaching GuideTerm Faculty of Computer Science |
| Máster Universitario en Ciberseguridade |
 Subjects |
| Applications Security |
| Contents |
|
|
|
| Identifying Data | 2018/19 | |||||||||||||
| Subject | Applications Security | Code | 614530005 | |||||||||||
| Study programme |
|
|||||||||||||
| Descriptors | Cycle | Period | Year | Type | Credits | |||||||||
| Official Master's Degree | 1st four-month period |
First | Obligatory | 6 | ||||||||||
|
||||||||||||||
| Topic | Sub-topic |
| Topic 1. Introduction. | 1.1 Authentication, authorization and access control. 1.2 Stateful and stateless services. 1.3 Server-side and SPA web applications. |
| Topic 2. Vulnerabilities and prevention mechanisms in applications and services. | 2.1 Reference frameworks. 2.2 Vulnerabilities in the processing of input data. 2.3 Vulnerabilities in authentication. 2.4 Vulnerabilities in session management. 2.5 Sensitive data exposure. 2.6 Vulnerabilities in access control. 2.7 Monitoring and insufficient logging. 2.8 Vulnerabilities in third-party libraries. |
| Topic 3. Secure software development life cycles. | 3.1 Security from the analysis phase. 3.2 Code revisions. 3.3 SAST and DAST tools. |
| Topic 4. Authentication, authorization and access control. | 4.1 Introduction. 4.2 Authentication and authorization. 4.2.1 HTTP authentication. 4.2.2 JSON Web Token. 4.2.3 OAuth2. 4.2.4 OpenID Connect. 4.2.5 Other standards. 4.3 Access control. 4.3.1 Role-based access control (RBAC). 4.3.2 Attribute-based access control (ABAC). |
|
