Course Material
There is no book that covers the topics in the course in a satisfying way. Thus, there is no course book. (If you know of a good book that is suitable, please notify me.) Instead, the lecture slides and lecture notes will serve as course material. The slides and notes will be made available here shortly before each lecture.
As a complement, some additional web resources are also given below. Note that this material is not included in the course UNLESS it is also covered by the slides/notes OR it is explicitly stated.
The course material is divided into five parts, as listed below, and will be presented sequentially through the seven lectures.
Introduction
Slides: 2 per page 4 per page
Additional resources
There are (at least) two books on cryptology, freely available online:
Menezes, van Oorschot and Vanstone - Handbook of Applied Cryptography
Smart - Cryptography, An Introduction
Statistics used in the lecture were taken from the IBM Security Report, which requires (free) registration for download:
IBM security report
HTTP
Slides: 2 per page 4 per page
Lecture notes: here
Additional resources
The complete HTTP/1.1 standard. Read only the parts relevant for the course (those discussed in the lecture).
RFC2616 - Hypertext Transfer Protocol -- HTTP/1.1
The UTF-8 encoding standard:
RFC3629 - UTF-8, a transformation format of ISO 10646
Basic and Digest Authentication in HTTP:
RFC2069 - An Extension to HTTP: Digest Access Authentication (the old version)
RFC2617 - HTTP Authentication: Basic and Digest Access Authentication
The Base64 encoding. Note that Base16 and Base32 are basically the same thing but with a smaller alphabet:
RFC4648 - The Base16, Base32, and Base64 Data Encodings
The Apache documentation. Read only the parts relevant for the course (those discussed in the lecture).
Apache Documentation
Web Applications & PHP
Slides (Part 1 of 2): 2 per page 4 per page
Slides (Part 2 of 2): 2 per page 4 per page
Lecture notes (Part 1 of 2): here
Lecture notes (Part 2 of 2): here
Additional resources
Documentation for PHP. Read only the parts relevant for the course (those discussed in the lecture):
www.php.net
A good introduction to regular expressions can be found here:
www.regular-expressions.info/
OWASP (Open Web Application Security Project) provides material related to this lecture (session attacks, XSS, CSRF, SQL injection). Their search engine also searches several related pages.
www.owasp.org
DNS
Slides: 2 per page 4 per page
Lecture notes: here
Additional resources
DNS is described in 2 RFCs. The first is more relevant to the course than the second:
RFC1034 - Domain Names - Concepts and Facilities
RFC1035 - Domain Names - Implementation and Specification
The DNSSEC specification is divided into three RFCs:
RFC4033 - DNS Security Introduction and Requirements
RFC4034 - Resource Records for the DNS Security Extensions
RFC4035 - Protocol Modifications for the DNS Security Extensions
Slides: 2 per page 4 per page
Lecture notes: here
Additional resources
The latest version of the SMTP standard:
RFC5321 - Simple Mail Transfer Protocol
The DKIM standard:
RFC4871 - DomainKeys Identified Mail (DKIM) Signatures
The SPF proposal:
RFC4408 - Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail