CS447: Web Security Attack Laboratory

The course introduces various web attacks that trigger various vulnerabilities in target web services. The course also provides a lab session for each week, which helps students practice real attacks in simulated web environments. The goal of the course is to let students learn and understand various web threats via conducting the attacks by themselves.

Basic Information

• Lecture: Monday/Wednesday 10:30 AM - 11:45 AM
• Instructor: Sooel Son
• Email: sl.son (at) kaist.ac.kr
• Homepage: https://sites.google.com/site/ssonkaist/
• Lecture room: E3-1 2443
• Lab sessions: Zoom session
• Office hours: Appointment only
• T.A.:
  • Soyoung Lee: soyoungleell (at) kaist.ac.kr
  • Dongwon Shin: godeastone (at) kaist.ac.kr
  • Junkyu Kang: jkkang130 (at) kaist.ac.kr

Prerequisite

• CS101 (Required)
• CS204 (Optional)
• Web Programming (Optional)

Evaluation

• Attendance & Class participation: 10%
• Lab sessions : 30%
• Assignments : 30%
• Final exam: 30%

Schedule

• The following schedule is subject to change.

1st week

• 2/24: [Course Introduction]
• 2/26: [Lab session #0: Preparation]

2nd week

• 3/3: Holiday
• 3/5: [Web Programming Basic #1: HTML and JavaScript]
• Assignment [Lab session #1] by 3/6

3rd week

• 3/10: [Web Programming Basic #2: Server-side Web Application]
• 3/12: [Lab session #2] [Server-side App]
• Optional [Lab session #3]
• Assignment #1 by 3/20

4th week

• 3/17: [SQL Injection]
• 3/19: [Lab session #4]

5th week

• 3/24:[Same Origin Policy & Cookie]
• 3/26:[Lab Session #5]
• Assignment #2 by 4/7

6th week

• 3/31: [Reflected XSS]
• 4/2: [Lab Session #6]

7th week

• 4/7: [Client-side XSS] [Phishing and 2nd Factor Authentication]
• 4/9: [Lab Session #7]

8th week

• 4/14: Mideterm season
• 4/16: Mideterm season

9th week

• 4/21: [Cross-site Request Forgery]
• 4/23: [Lab Session #8]
• Assignment #3 by 5/5

10th week

• 4/28: [Shell Code Injection and File Inclusion] [Zoom]
• 4/30: [Lab Session #9]

11th week

• 5/5: Holiday
• 5/7: No_class

12th week

• 5/12: [Property-Oriented Programming]
• 5/14: [Lab session #10]

13th week

• 5/19: [Content Security Policy]
• 5/21: [Lab session #11]
• Assignment #4 by 6/5

14th week

• 5/26: [Unrestricted File Upload]
• 5/28: [Lab session #12]

15th week

• 6/2: [Tracking], [HTTPS]
• 6/4: [Guest lecture]

16th week

• 6/??: Final exam from 10:00 AM to 11:30 AM