General course information
If you are a student trying to figure out if you should take this course as an optional course or not, the short answer is 'yes'. The somewhat longer answer is 'yes, definitely'.
The course provides an introductory overview of the web and how it works, just to give you the prerequisites for understanding its security. It also recaps parts of the computer security course in order to give you the tools for understanding cryptographic primitives and how they are used for securing communication and providing trust.
A large part of the course has a focus on securing web applications, both from the point of view of security functionality, but also from an attacker's perspective. You will understand how the web server and the client can co-operate to increase the resiliency against attacks, and how different configurations and ad-hoc functionality can affect security.
The course also includes security related to DNS, detailing vulnerabilities and attacks, and how they can be combated. It also includes email security, focusing on how message origin authentication and integrity can be accomplished and also some examples of how spam can be detected and combated.
In all, after the course you will have a thorough understanding of vulnerabilities and security functionality for web applications, DNS and email. Using this knowledge, you will be able to design secure web applications and understand a wide range of aspects related to secure communication in the Internet context in general and the web in particular. Much of this knowledge can be transferred to secure systems design, penetration testing and risk assessment, ultimately giving you a strong background and state-of-the-art knowledge in the cybersecurity domain.
The course assumes that you have already taken the EITA25 Computer Security, but some of the most important concepts are recapped in the beginning of the course.
To complement this course, it is suggested to also take our other security courses:
- EITN50, Advanced Computer Security (HT1)
- EDIN01, Cryptography (HT2)
- EITN41, Advanced Web Security (HT2)
- EITP20, Secure Systems Engineering (VT1)
- ETIN85, Advanced Cryptography (VT2)
This course package is designed to give you a comprehensive treatment of computer and cybersecurity, giving you the prerequisites of becoming a domain expert in an increasingly important and expanding field, with great job opportunities, now and in the future.