Back close

Course Detail

Course Name Modern Web Application Development and Exploitation
Course Code 21SN601
Program M. Tech. in Cyber Security Systems & Networks
Semester 1
Credits 4


Overview of web architecture, Protocols, Client server architecture, P2P architecture, DNS etc. Understanding the browser : Same origin policy, Cookies, Cache, authentication. Website development basics, understanding server side languages like nodejs, Go, client side languages such as HTML, Javascript, ReactJS, VueJs and Database languages such as SQL and nosql. Understanding the frontend, backend, database paradigm of modern web application development. Injection attacks : SQL injection, OS Command injection., LDAP Injection File upload vulnerability : LFI, RFI, how to properly secure a file inclusion vulnerability. Request forgery vulnerability : Server side request forgery, Client side request forgery. Cross site scripting attacks : Reflected XSS, Stored XSS, Dom based XSS, Self XSS, Mutated XSS, how to properly secure against XSS attacks. Server side templates and template injection, DOS & DDOS attacks, Phishing attacks, OWASP Top 10 vulnerabilities, OAuth vulnerabilities. Automating vulnerabilities. OWASP Top 10: Broken Authentication, Sensitive Data Exposure, XML External Entities, Broken Access Control, Security Misconfiguration, Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring. Privacy laws: GDPR etc Privacy in web: Trackers, Browser fingerprinting, tor/onion network, browser extensions. Responsible vulnerability disclosure : CVE’s, CVEmitre, Exploit-db, SearchSploit, bug bounty. Secure coding practices : blacklisting, whitelisting, user input validation, automated testing, trusted types, sanitizing HTML


  1. Peter Yaworski, “Real-World Bug Hunting: A Field Guide to Web Hacking”
  2. Michal Zalewski, “The Tangled Web: A Guide to Securing Modern Web Applications”
  3. Dafydd Stuttard and Marcus Pinto, “The Web Application Hacker’s Handbook” Second

    edition, 2011

  4. OWASP, “Web Security Testing Guide”, Fourth edition

Course Objectives

  • CO1. Understanding the basic concepts behind modern web architecture and development along with a solid understanding of protocols that power them.
  • CO2. Familiarization basic concepts such as authentication, state management in context of the application layer of web sites and applications
  • CO3. Learn about the various web application related vulnerabilities such as SQLi, LFI, XSS etc, the ways in which they can be exploited and how to properly secure against them

DISCLAIMER: The appearance of external links on this web site does not constitute endorsement by the School of Biotechnology/Amrita Vishwa Vidyapeetham or the information, products or services contained therein. For other than authorized activities, the Amrita Vishwa Vidyapeetham does not exercise any editorial control over the information you may find at these locations. These links are provided consistent with the stated purpose of this web site.

Admissions Apply Now