Course syllabus - Applied cybersecurity 5.0 credits

Praktisk cybersäkerhet

Course code: DVA446
Valid from: Autumn semester18
Level of education: Second cycle
Subject: Informatics/Computer and Systems Scie...
Main Field(s) of Study: Computer Science,
In-Depth Level: A1N (Second cycle, has only first-cycle course/s as entry requirements),
School: IDT
Ratification date: 2018-02-01


Modern web applications can often be described in terms of cooperation and sharing, both on the level of the users of the application and on the level of the application and the service providers, which puts web applications in a distributed application class with mutual distrust between the different stakeholders, and leads to a plethora of security challenges.
This course covers the most prevalent security challenges of web applications, from a theoretical and practical perspective. The aim of the course is to give students the ability to identify and analyze common vulnerabilities and related protection mechanisms, and to put this knowledge to practice. While the course uses web applications as the starting point, most of the covered security challenges are instances of more general challenge classes, valid for many other types of applications, both within the application class of web application and outside.

Learning outcomes

After completing the course, the student shall be able to:
1. display knowledge of web applications and the corresponding application class, and the ability to construct complex applications
2. display knowledge of the most prevalent security challenges of web applications, and the ability to identify vulnerabilities in applications
3. display theoretical knowledge of protection mechanisms and their limitations, in isolation and in relation to each other
4. display knowledge of current research on attacks and protection mechanisms

Course content

The course gives an overview of the defining properties of web applications and the corresponding application class, and identifies different security challenges in relation to the different stakeholders: the users, the application provider, and the service and library providers. It covers concepts like statelessness, confidentiality, integrity, access control, authentication and authorization, session handling, and attacks related to those concepts. In addition, the course involves different forms of injection attacks, where code, in one way or another, is injected and executed on the client or server side.
The course emphasizes the importance of the interplay between theory and practice, where both attacks and protection mechanisms are studied from a theoretical perspective and put into practice. In selected cases, the attacks are identified as instances of more general classes of attacks and their relation to other instances of the corresponding class is discussed.
In addition, the course gives an orientation of current research on attacks and protection mechanisms, in relation to the application class of web applications.

Teaching methods

Lectures, exercises, and laboratory work.

Specific entry requirements

120 credits of which at least 80 credits in technology or informatics, including at least 30 credits in programming or software development. In addition, Swedish course B/Swedish course 3 and English course A/English course 6 are required. For courses given entirely in English exemption is made from the requirement in Swedish course B/Swedish course 3.


Laboratory work (LAB1), 4 credits, (examines the learning objectives 1-4), Marks Fail (U) or Pass (G)
Exercise (OVN1), 1 credit, (examines the learning objectives 3 and 4), Marks Fail (U) or Pass (G)

A student who has a certificate from MDH regarding a disability has the opportunity to submit a request for supportive measures during written examinations or other forms of examination, in accordance with the Rules and Regulations for Examinations at First-cycle and Second-cycle Level at Mälardalen University (2016/0601). It is the examiner who takes decisions on any supportive measures, based on what kind of certificate is issued, and in that case which measures are to be applied.

Suspicions of attempting to deceive in examinations (cheating) are reported to the Vice-Chancellor, in accordance with the Higher Education Ordinance, and are examined by the University’s Disciplinary Board. If the Disciplinary Board considers the student to be guilty of a disciplinary offence, the Board will take a decision on disciplinary action, which will be a warning or suspension.

Rules and regulations for examinations


Two-grade scale

Transitional provisions

The course completely overlaps with Web application security.

Course literature is preliminary until 3 weeks before the course starts. Literature may be valid over several terms.

Valid from: Autumn semester18

Decision date: 2018-07-04

Last update: 2018-07-04


Zalewski, Michal.;

The Tangled Web: A Guide to Securing Modern Web Applications [Elektronisk resurs]

LIBRIS-ID: 12740789