CS 433/533 - Web Security

Fall 2024

CRNs: 20312, 20313, 20314 (433) and 20315, 20316, 20317 (533)

Instructor: Michael L. Nelson <mln@cs.odu.edu>
                http://www.cs.odu.edu/~mln/

Office Hours: W, 2-4pm and by appointment

Time: online, asynchronous 

Place: Online, contact the instructor for the URLs.  

Course Objectives:

The goal of this course is to review common web security vulnerabilities
and exploits, as well as their corresponding defenses.  There is
an inherent tension between "web as simple document reader" and
"web as application environment", and as the functionality of the
web ecosystem increases, so do the vulnerabilities.

General concepts that students will learn: principles of web security,
attacks and countermeasures, the browser security model, web app
vulnerabilities, injection, denial-of-service, TLS attacks, privacy,
fingerprinting, same-origin policy, cross-site scripting, authentication,
JavaScript security, emerging threats, defense-in-depth, techniques
for writing secure code, web archiving, rehosting.

Specific technologies that students will learn: Git/GitHub,
DOM/JavaScript, CLI, Node.js, Twitter, YouTube.

Prerequisites: Unix/Linux, Web, HTML

Attendance Policy: Attendance is encouraged.  The class will be
recorded and the links shared on the class email list.  You are
responsible for everything that is said, discussed, and presented
during class.

Grading: 

   The class grade will consist of 7 Assignments of 15 points each.
   Additional points are available with class participation.  Late
   assignments lose 3 points for every 24 hours they are late unless
   prior arrangements are made with the instructor.  Readings and
   assignment descriptions will be released on a rolling basis
   during the semester.

   Graduate students:
	A  = 100-94
	A- = 93-90
	B+ = 89-88
	B  = 87-84
	B- = 83-80
	C+ = 79-78
	C  = 77-74
	C- = 73-70
	F  = 69-00

   Undergraduate students:
	A  = 100-92
	A- = 91-90
	B+ = 89-87
	B  = 86-82
	B- = 81-80
	C+ = 79-77
	C  = 77-72
	C- = 71-70
	D+ = 69-67
	D  = 66-62
	D- = 61-60
	F  = 59-00

ODU Honor Code:

  Please familiarize yourself with the ODU Honor Code:

  https://www.odu.edu/about/monarchcitizenship

  especially resources pertaining to plagiarism and academic integrity:

  https://graduate.cs.odu.edu/resources/academic-integrity/

Class Homepage: 

   https://github.com/phonedude/cs533-f24

Class Email List:

   https://groups.google.com/group/cs533-f24
   You must verify that you are on the list.

Class Textbook:

   None.  Readings will be posted on the class web page.

Disability Services:

   In compliance with PL94-142 and more recent federal legislation
   affirming the rights of disabled individuals, provisions will
   be made for students with special needs on an individual basis.
   The student must have been identified as special needs by the
   university and an appropriate letter must be provided to the
   course instructor.  Provision will be made based upon written
   guidelines from the University's Office of Educational Accessibility
   (http://www.odu.edu/educationalaccessibility). All students are
   expected to fulfill all course requirements.

   Students are encouraged to self-disclose disabilities that have
   been verified by the Office of Educational Accessibility by
   providing Accommodation Letters to their instructors early in
   the semester in order to start receiving accommodations.
   Accommodations will not be made until the Accommodation Letters
   are provided to instructors each semester.

The following statements apply to this class and come from:

  https://odu.edu/facultystaff/teaching/conduct-integrity

  Old Dominion University is committed to students' personal and
  academic success. In order to achieve this vision, students,
  faculty, and staff work together to create an environment that
  provides the best opportunity for academic inquiry and learning.
  All students must be honest and forthright in their academic
  studies. Your work in this course and classroom behavior must
  align with the expectations outlined in the Code of Student
  Conduct, which can be found at www.odu.edu/oscai. The following
  behaviors along with classroom disruptions violate this policy,
  corrupt the educational process, and will not be tolerated.

  Cheating: Using unauthorized assistance, materials, study aids,
  or other information in any academic exercise.

  Plagiarism: Using someone else’s language, ideas, or other original
  material without acknowledging its source in any academic exercise.

  Fabrication: Inventing, altering or falsifying any data, citation
  or information in any academic exercise.

  Facilitation: Helping another student commit, or attempt to commit,
  any Academic Integrity violation, or failure to report suspected
  Academic Integrity violations to a faculty member.

  Any evidence of an academic integrity violation (cheating) will
  result in a 0 grade for the assignment/exam, and the incident
  will be submitted to the Department of Computer Science for further
  review. Note that academic integrity violations can result in a
  permanent notation being placed on the student's transcript or
  even expulsion from the University. Evidence of cheating may
  include a student being unable to satisfactorily answer questions
  asked by the instructor about a submitted solution. Cheating
  includes not only receiving unauthorized assistance, but also
  giving unauthorized assistance.