Web and Mobile Systems Security
A.Y. 2024/2025
Learning objectives
The purpose of the course is twofold: on the one hand, we will introduce the basic concepts on computer security, on the other hand, we will cover the security problems specific to Web and mobile systems.
Expected learning outcomes
· Being able to identify the security properties a system must ensure in order to be considered ""secure""
· Knowing the main approaches that can be used to authenticate users to a machine
· Being able to analyse a security protocol and possibly highlight the vulnerabilities with respect to the most common types of attack
· Being able to identify and describe the most common attacks on Web applications
· Knowing the most frequent malware and how they propagate
· Being able to describe the security issues of mobile devices
· Knowing the main approaches that can be used to authenticate users to a machine
· Being able to analyse a security protocol and possibly highlight the vulnerabilities with respect to the most common types of attack
· Being able to identify and describe the most common attacks on Web applications
· Knowing the most frequent malware and how they propagate
· Being able to describe the security issues of mobile devices
Lesson period: Second semester
Assessment methods: Esame
Assessment result: voto verbalizzato in trentesimi
Single course
This course can be attended as a single course.
Course syllabus and organization
Single session
Responsible
Lesson period
Second semester
Course syllabus
1. Web System Security.
- The HTTP protocol: functionality and security issues.
- Common attack types and possible countermeasures: SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery.
- Content Security Policy (CSP) and Cross-Origin Resource Sharing (CORS).
- Online tracking and privacy issues.
2. The Authentication Problem:
- Human-Machine Authentication methods
- Authentication in distributed systems
- Single Sign-On Authentication
3. Mobile System Security:
- Vulnerabilities and common attacks in mobile devices.
- Malware in mobile systems.
- Security of Android and iOS as a case study.
- The HTTP protocol: functionality and security issues.
- Common attack types and possible countermeasures: SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery.
- Content Security Policy (CSP) and Cross-Origin Resource Sharing (CORS).
- Online tracking and privacy issues.
2. The Authentication Problem:
- Human-Machine Authentication methods
- Authentication in distributed systems
- Single Sign-On Authentication
3. Mobile System Security:
- Vulnerabilities and common attacks in mobile devices.
- Malware in mobile systems.
- Security of Android and iOS as a case study.
Prerequisites for admission
Knowledge of cryptography concepts, databases, and computer networks is required.
Teaching methods
Classroom lectures and practical activities in the laboratory.
Teaching Resources
Web site: http://cbraghinsswm.ariel.ctu.unimi.it
Course slides, notes taken in class and articles in English which are part of the course programme.
Course slides, notes taken in class and articles in English which are part of the course programme.
Assessment methods and Criteria
The exam consists of a two-hour written test mainly with open questions covering all topics from the course and the labs.
The evaluation takes into account the level of mastery of the topics and the clarity of presentation.
The evaluation takes into account the level of mastery of the topics and the clarity of presentation.
INF/01 - INFORMATICS - University credits: 6
Laboratories: 24 hours
Lessons: 36 hours
Lessons: 36 hours
Professor:
Braghin Chiara
Shifts:
Turno
Professor:
Braghin ChiaraProfessor(s)