Course Title: Database and Web Application Security
Course Code: 
Year Taught: 
Postgraduate (PG)
School of Engineering
Cyber Security

"Database and Web Application Security" is an elective course offered in the M. Tech. in Cyber Security Systems & Networks program at the School of Engineering, Amrita Vishwa Vidyapeetham, Amritapuri.

Database security – Introduction includes threats, vulnerabilities and breaches, Basics of database design, DB security – concepts, approaches and challenges, types of access controls, Oracle VPD, Discretionary and Mandatory access control – Principles, applications and poly-instantiation, Database inference problem, types of inference attacks, distributed database, security levels, SQL-injection: types and advanced concepts. Security in relational data model, concurrency controls and locking, SQL extensions to security (Oracle as an example), System R concepts, Context and control based access control, Hippocratic databases, Database watermarking, Database intrusion, Secure data outsourcing, Web application security, Basic principles and concepts, Authentication, Authorization, Browser security principles; XSS and CSRF, same origin policies, File security principles, Secure development and deployment methodologies, Web DB principles, OWASP – Top 10 – Detailed treatment, IoT security – OWASP Top 10 – Detailed treatment, Mobile device security – Introduction, attack vector and models, hardware centric security aspects, SMS / MMS vulnerabilities, software centric security aspects, mobile web browser security, Application security – Concepts, CIA Triad, Hexad, types of cyber attacks, Introduction to software development vulnerabilities, code analyzers – Static and dynamic analyzers, Security testing / Penetration testing – Principles and concepts, PT work flows and examples, blind tests, ethical hacking techniques, synthetic transactions, interface testing and fuzzing, SDLC phases and security mandates.

  1. Michael Gertz and Sushil Jajodia, “Handbook of Database Security — Applications and Trends”, Springer, 2008.
  2. Bryan and Vincent, “Web Application Security, A Beginner's Guide”, McGraw-Hill, 2011.
  3. Bhavani Thuraisingham, “Database and Applications Security: Integrating Information Security and Data Management”, Auerbach Publications, 2005.
  4. Alfred Basta, Melissa Zgola, “Database Security”, Course Technology, 2012.