
EITF05 Web Security

2011/2012 Ht1

Course material


There is no book that covers the topics in the course in a satisfying way. Thus, there is no course book. (If you know of a good book that is suitable, please notify me.) Instead, the lecture slides and lecture notes will serve as course material. The slides and notes will be made available here before each lecture.

As a complement, some web resources are also given below. Note that the material given below is not included in the course UNLESS it is also covered by the slides/notes OR it is explicitly stated.

Lecture 1

Lecture slides: 2 slides per page | 4 slides per page

Additional resources

Here are (at least) two books on cryptology, freely available online:
Menezes, van Oorschot and Vanstone - Handbook of Applied Cryptography
Smart - Cryptography, An Introduction
Statistics used in the lecture were taken from the IBM Security Report. The 2010 version used for the lectures requires (free) registration for download, but the 2008 version is freely available here:
IBM security report

Lecture 2

Lecture slides: 2 slides per page | 4 slides per page

Lecture notes: here

Additional resources

The complete HTTP/1.1 standard. Read only the parts relevant to the course (those discussed in the lecture).
RFC2616 - Hypertext Transfer Protocol -- HTTP/1.1
The UTF-8 encoding standard:
RFC3629 - UTF-8, a transformation format of ISO 10646
Basic and Digest Authentication in HTTP:
RFC2069 - An Extension to HTTP: Digest Access Authentication (the old version)
RFC2617 - HTTP Authentication: Basic and Digest Access Authentication
The Base64 encoding. Note that Base16 and Base32 are basically the same thing but with a smaller alphabet:
RFC4648 - The Base16, Base32, and Base64 Data Encodings
The Apache documentation. Read only the parts relevant to the course (those discussed in the lecture).
Apache Documentation

Lecture 3

Lecture slides: 2 slides per page | 4 slides per page

Lecture notes: here

Additional resources

Documentation for PHP. Read only the parts relevant to the course (those discussed in the lecture):
www.php.net
A good introduction to regular expressions can be found here:
www.regular-expressions.info/

Lecture 4

Lecture slides: 2 slides per page | 4 slides per page

Lecture notes: here

Additional resources

Documentation for PHP. Read only the parts relevant to the course (those discussed in the lecture):
www.php.net
OWASP (Open Web Application Security Project) has material related to this lecture (session attacks, XSS, CSRF, SQL injection). Their search engine also searches several related pages.
www.owasp.org

Lecture 5

Lecture slides: 2 slides per page | 4 slides per page

Lecture notes: here

Additional resources

DNS is described in two RFCs. The first is more relevant to the course than the second:
RFC1034 - Domain Names - Concepts and Facilities
RFC1035 - Domain Names - Implementation and Specification
The DNSSEC specification is divided into three RFCs:
RFC4033 - DNS Security Introduction and Requirements
RFC4034 - Resource Records for the DNS Security Extensions
RFC4035 - Protocol Modifications for the DNS Security Extensions

Lecture 6

Lecture slides: 2 slides per page | 4 slides per page

Lecture notes: here

Additional resources

The latest version of the SMTP standard:
RFC5321 - Simple Mail Transfer Protocol
The DKIM standard:
RFC4871 - DomainKeys Identified Mail (DKIM) Signatures
The SPF proposal:
RFC4408 - Sender Policy Framework (SPF) for Authorizing Use of Domains in E-Mail

Lecture 7

Lecture slides: 2 slides per page | 4 slides per page

Lecture notes: here

Additional resources

Chaum's first paper, describing mixes (digital pseudonyms are not included in the course):
Chaum - Untraceable Electronic Mail...
Tor design paper:
Dingledine, Mathewson and Syverson - Tor: the second-generation onion router
The paper describing the disclosure attack:
Kedogan, Agrawal and Penz - Limits of Anonymity in Open Environments
News article describing a Tor "problem":
Wired article


Last updated: 2011-10-06 16:45:07
Page responsible: Martin Hell
Responsible publisher: Head of Department

Department of Electrical and Information Technology, LTH, Box 118, 221 00 Lund, Telephone: 046-222 00 00