Cyber Security and Applications
2 0 1 2
COURSE OBJECTIVE
The objective of this course is to provide knowledge on the threats and vulnerabilities to web
applications. This is very crucial due to the dependencies of today's world on web apps and digital
transactions. The course also provides details on how to secure our computer network systems
from malicious activities and attacks.
UNIT-I Networking and Web Technology 7 hours
Network Components - Network Basics - Network Communication - Web Technologies TCP/IP -
Web Services
UNIT-II Introduction to Cyber Security 8 hours
Recent Cyber Attacks - Cyber Security Concepts - Layers of Cyber Security - Introduction to
Application Security - Secure Coding OWASP Top 10 - Coding Practices Secure Design - Closure
[Practical demos and code on OWASP vulnerabilities and how to mitigate them]
UNIT-III Fundamentals of Information Security & Fundamentals of Cryptography 7 hours
Why information security? - What is information security? - Data Security - Network security -
Application Security - Closure. Why Cryptography? - Cryptography - Shared Key Cryptography -
Illustration - Shared Key Cryptography - Public Key Cryptography - Illustration - Public Key
Cryptography - Hashing - Digital Signature - Illustration - Digital Signature - Applications of
cryptography - Conclusion [Algorithmic representation of cryptographic methods]
UNIT-IV Threat Modeling & Identity and Access Management 6 hours
Basics of Threat Modeling - Learn Threat Modeling with a Use Case - Tool Walkthrough - MS
Threat Modeling Tool - Assignment - Introduction to Identity and Access Management - What next
Total: 45 Periods
COURSE OUTCOMES
On completion of the course, students will be able to:
CO1: Identify network components, gain awareness on DHCP, DNS Server and TCP/IP
architecture
CO2: Gain understanding of threat modelling and its importance in the design of web
applications
CO3: Investigate how to secure web applications written using Java Technology. Apply
secure coding techniques in Java, Python, C/C++ Programming Languages
CO4: Practice identification of OWASP vulnerabilities and mitigation techniques
CO5: Gain understanding of the importance of Security Standards and Regulations like
PCI DSS, ISMS, FIPS, NIST Special Publications, FISMA, GDPR, HIPAA and SOX
CO6: Recognize Identity Governance and Administration (IGA) - what problems IGA
solutions solve; governance models like roles, certifications, policies and identity
lifecycle management
FOR FURTHER READING
1 Networking Fundamentals, 2019 edition, Packt, Author: Gordon Davies
2 Principles of Information Security, Authors: Michael E. Whitman and Herbert J. Mattord,
Course Technology Incorp
3 CSSLP Secure Software Lifecycle Professional All-in-One Exam Guide, Third
Edition, Authors: Wm. Arthur Conklin, Daniel Paul Shoemaker,
Released February 2022, Publisher(s): McGraw-Hill, ISBN: 9781264258215
REFERENCE
1 https://infyspringboard.onwingspan.com/en/app/toc/lex_auth_012683751296065536354_shared/contents (Network Fundamentals)
2 https://infyspringboard.onwingspan.com/en/viewer/html/lex_auth_0135015696571596809160 (Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Coding Practices)
3 https://infyspringboard.onwingspan.com/en/viewer/html/lex_auth_0135015689927557129660 (OWASP Top 10: Web Application Security)
4 https://infyspringboard.onwingspan.com/en/viewer/html/lex_auth_01350159304097792013093 (Defensive coding fundamentals in C and C++)
5 https://infyspringboard.onwingspan.com/en/app/toc/lex_auth_01350158164493107211192/overview (Security Programming: Python Scripting Essentials)
ONLINE REFERENCE
1 https://www.stealthlabs.com/blog/infographic-top-15-cybersecurity-myths-vs-reality/
2 https://microage.ca/cybersecurity-layering-approach/
3 https://www.oracle.com/java/technologies/javase/seccodeguide.html
4 https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
5 https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-sandboxing/
6 https://www.skillsoft.com/course/security-programming-python-scripting-essentials-bea4b5-6b5346072b8e
SOFTWARE REQUIREMENT
● Python
● JavaScript, Node.js
● Java Development Kit
HARDWARE REQUIREMENT
● i5 or i7 processor or R5 from AMD
● 16 GB of RAM. 500 GB storage system
INDUSTRY SCOPE
On completion of this course students will be able to identify vulnerabilities and security
threats in web applications and learn to write secure code. This is extremely crucial, given the
huge volume of digital transactions and web applications.
INDUSTRY USE CASES
1. Identification of basic network components, practice commands for TCP-IP architecture
and subnetting. [Reference: Lab Guide - Viewer Page | Infosys
Springboard (onwingspan.com)]
2. Build awareness on defensive coding practices and controls such as secure
configuration, error handling, and session management, cryptography, input and
output sanitization, error handling, input validation, logging and auditing, and session
and exception management. [Reference:
https://infyspringboard.onwingspan.com/web/en/viewer/html/lex_auth_0135015696571596809160]
3. Practice defensive coding practices in C/C++ such as inspections, testing, and input
validation. [Reference: Defensive Coding Fundamentals for C/C++ - Viewer Page |
Infosys Springboard (onwingspan.com)]
4. Explore the top 10 OWASP vulnerabilities, their causes, consequences, and mitigation
techniques.
[Reference: OWASP Top 10: Web Application Security - Viewer Page |
Infosys Springboard (onwingspan.com)], OWASP.org,
http://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html. Make a report of the studied material.
5. Practice secure coding techniques in Python programming language [Reference:
https://infyspringboard.onwingspan.com/en/app/toc/lex_auth_01350158164493107211192/overview]
6. Create a login page with username and password which will connect to a database
which will store the name and password. You can use Java and HTML code and a database as per
convenience. Simulate an SQL injection attack. Write embedded SQL code to
avoid the SQL injection attack. Document how this is taken care of in the later versions of Java.
7. Create a login page with username and password which will connect to a database
which will store the name and password. You can use Python as a base and a database as per
convenience. Simulate an SQL injection attack. Write the revised code in Python that
will sanitize the inputs and help prevent an SQL injection attack.
8. Read and understand the Heartbleed vulnerability. Identify the code in C++ that can
simulate this vulnerability and code to fix it. Document the secure coding practices to
take care of this vulnerability and the reasons for it to happen.
9. Given a web application, try out the top 10 OWASP vulnerabilities and how to mitigate them.
[Reference: TOC - Explore OWASP Top 10 Vulnerabilities | Infosys
Springboard (onwingspan.com), will be given as a document with code]