CS447: Web Security Attack Laboratory

The course introduces various web attacks that trigger various vulnerabilities in target web services. The course also provides a lab session for each week, which helps students practice real attacks in simulated web environments. The goal of the course is to let students learn and understand various web threats via conducting the attacks by themselves.

Basic Information

• Lecture: Monday/Wednesday 10:30 AM - 11:45 AM
• Instructor: Sooel Son
• Email: sl.son (at) kaist.ac.kr
• Homepage: https://sites.google.com/site/ssonkaist/
• Lecture room: E3-1 2443
• Lab sessions: Zoom session
• Office hours: Appointment only
• T.A.: Soyoung Lee, Eunha Bang

Prerequisite

• CS101 (Required)
• CS204 (Optional)
• Web Programming (Optional)

Evaluation

• Attendance & Class participation: 10%
• Lab sessions : 40%
• Assignments : 30%
• Final exam: 20%

Schedule

• The following schedule is subject to change.

1st week

• 2/26: [Course Introduction]
• 2/28: [Lab session #0: Preparation]

2nd week

• 3/4: [Web Programming Basic #1: HTML and JavaScript]
• 3/6: [Lab session #1]

3rd week

• 3/11: [Web Programming Basic #2: Server-side Web Application]
• 3/13: [Lab session #2] [ServerSide App]
• Optional [Lab session #3]
• Assignment #1 by 3/24

4th week

• 3/18: [SQL Injection]
• 3/20: [Lab session #4]

5th week

• 3/25:[Same Origin Policy & Cookie]
• 3/27:[Lab Session #5]
• Assignment #2 by 4/7

6th week

• 4/1: [Reflected XSS]
• 4/3: [Lab Session #6]

7th week

• 4/8: [Client-side XSS]
• 4/10: Election Day

8th week

• 4/15: Mideterm season
• 4/17: Mideterm season

9th week

• 4/22: [Cross-site Request Forgery]
• 4/24: [Lab Session #7]
• Assignment #3 by 5/5

10th week

• 4/29: [Phishing and 2nd Factor Authentication]
• 5/1: [Lab Session #8]

11th week

• 5/6: Holiday
• 5/8: [Shell Code Injection and File Inclusion]

12th week

• 5/13: [Lab Session #9]
• 5/15: Holiday

13th week

• 5/20: [Property-Oriented Programming]
• 5/22: [Lab Session #10]
• Assignment #4 by 6/5

14th week

• 5/27: [Content Security Policy]
• 5/29: [Lab Session #11]

15th week

• 6/3: [Tracking], [Unrestricted File Upload]
• 6/5: [Lab Session #12]

16th week

• 6/12: Final exam from 10:00 AM to 11:30 AM