CS447: Web Security Attack Laboratory

The course introduces various web attacks that trigger various vulnerabilities in target web services. The course also provides a lab session for each week, which helps students practice real attacks in simulated web environments. The goal of the course is to let students learn and understand various web threats via conducting the attacks by themselves.

Basic Information

• Lecture: Tuesday/Thursday 10:30 AM - 11:45 AM
• Instructor: Sooel Son
• Email: sl.son (at) kaist.ac.kr
• Homepage: https://sites.google.com/site/ssonkaist/
• Lecture room: E3-1 1101
• Lab sessions: Zoom session
• Office hours: Appointment only
• T.A.: Jihwan Kim, Sunnyeo Park

Prerequisite

• CS101 (Required)
• CS204 (Optional)
• Web Programming (Optional)

Evaluation

• Attendance & Class participation: 10%
• Lab sessions : 40%
• Assignments : 30%
• Final exam: 20%

Schedule

• The following schedule is subject to change.

1st week

• 2/28: No Class
• 3/2: [Course Introduction] & [Lab session #0: Preparation]

2nd week

• 3/7: [Web Programming Basic #1: HTML and JavaScript]
• 3/9: [Lab session #1]

3rd week

• 3/14: [Web Programming Basic #2: Server-side Web Application]
• 3/16: [Lab session #2] [ServerSide App]
• Optional [Lab session #3]
• Assignment #1 by 3/24

4th week

• 3/21: [SQL Injection]
• 3/23: [Lab session #4]

5th week

• 3/28:[Same Origin Policy & Cookie]
• 3/30:[Lab Session #5]
• Assignment #2 by 4/7

6th week

• 4/4: [Reflected XSS]
• 4/6: [Lab Session #6]

7th week

• 4/11: [Client-side XSS]
• 4/13: [Lab Session #7]

8th week

• 4/18: Mideterm season
• 4/20: Mideterm season

9th week

• 4/25: [Cross-site Request Forgery]
• 4/27: [Lab Session #8]
• Assignment #3 by 5/5

10th week

• 5/2: [Phishing and 2nd Factor Authentication]
• 5/4: [Tracking]

11th week

• 5/9: [Shell Code Injection and File Inclusion], [Unrestricted File Upload]
• 5/11: [Lab Session #9]

12th week

• 5/16: No Class
• 5/18: [Lab Session #10]

13th week

• 5/23: [Property-Oriented Programming]
• 5/25: [Lab Session #11]
• Assignment #4 by 6/2

14th week

• 5/30: [Content Security Policy]
• 6/1: [Lab Session #12]

15th week

• 6/6: [Holidays]
• 6/8: [Paper presentation]

16th week

• 6/15: Final exam from 9:00 AM to 10:30 AM