Web application security tutorial

  • Authors: James Walden; Charles E. Frank
  • Affiliations: Northern Kentucky University, Highland Heights, KY; Northern Kentucky University, Highland Heights, KY
  • Venue: Journal of Computing Sciences in Colleges - Papers of the Fourteenth Annual CCSC Midwestern Conference and Papers of the Sixteenth Annual CCSC Rocky Mountain Conference
  • Year: 2007

Abstract

Web application development is a large and growing area of employment for computer science graduates. While our graduates have learned how to design and implement web applications that work correctly with expected inputs, few have learned how to design and implement software that is secure against common web application vulnerabilities. The most common security vulnerabilities in software are cross-site scripting, SQL injection, and PHP include bugs. All three problems are web application vulnerabilities. These vulnerabilities can allow attackers to access applications without permission, obtain sensitive information like credit card or social security numbers, and steal merchandise or transfer funds from commercial web sites. The number of vulnerabilities discovered each year has increased at an exponential rate since 2000. In this tutorial, we will describe how attackers exploit common web application vulnerabilities and show live demonstrations of such attacks. We will show participants how to teach their students to design and write secure code that is immune to these attacks. The tutorial will present resources that participants can use to incorporate web application security into programming, database, web development, and information security courses.