Web Security in University Curricula


  • Cristian Opincaru, Thales Rail Signalling Solutions


security, curriculum, web applications, web services


While Web applications and Web services continue to gain ground, the academic curriculum does not always keep pace. This paper presents the content of a course focused on Web security: it starts by defining the goals of the course, then defines the topics for the course units, and finally describes the topics and the setup for the laboratory units. The paper's contribution is the design of a course covering security aspects of both Web applications and Web services, together with a detailed description of the practical units and the laboratory setup.






How to Cite

Opincaru, C. (2010). Web Security in University Curricula. Journal of Mobile, Embedded and Distributed Systems, 2(2), 84-90. Retrieved from http://jmeds.eu/index.php/jmeds/article/view/Web-Security-in-University-Curricula