Web and Mobile System Security
A.Y. 2024/2025
Learning objectives
The purpose of the course is twofold: on the one hand, we will introduce the basic concepts on computer security, on the other hand, we will cover the security problems specific to Web and mobile systems.
Expected learning outcomes
· Being able to identify the security properties a system must ensure in order to be considered "secure"
· Knowing the main approaches that can be used to authenticate users to a machine
· Being able to analyse a security protocol and possibly highlight the vulnerabilities with respect to the most common types of attack
· Being able to identify and describe the most common attacks on Web applications
· Knowing the most frequent malware and how they propagate
· Being able to describe the security issues of mobile devices
Lesson period: Third four month period
Assessment methods: Exam
Assessment result: grade recorded out of thirty
Single course
This course can be attended as a single course.
Course syllabus and organization
Single session
Responsible
Lesson period
Third four month period
Course syllabus
1. Introduction to computer security. The problem of computer security: what to protect, and against whom or what. User-to-machine authentication. Authentication and security protocols.
2. Security of Web systems. Vulnerabilities of the HTTP protocol. SQL Injection and Cross-Site Scripting (XSS). Email security. Malware.
3. Security of mobile systems. Common vulnerabilities, malware and attacks. Android and iOS security as case study.
4. Online privacy.
Prerequisites for admission
Knowledge of basic concepts of cryptography, database systems and computer networks.
Teaching methods
Lectures and laboratory.
Teaching Resources
Web site: http://cbraghinsswm.ariel.ctu.unimi.it
Course slides, notes taken in class and articles in English which are part of the course programme.
Assessment methods and Criteria
The exam consists of a one-and-a-half-hour written test, mainly with open questions.
The evaluation takes into account the level of mastery of the subject and the clarity of presentation.
INF/01 - INFORMATICS - University credits: 6
Lessons: 48 hours