The material is subdivided into short videos.
Please watch the videos and go through the reading material in your own time.
Also remember to work on the accompanying exercise sheet.
| Topic | Lecture material | Reading |
|---|---|---|
| A gentle introduction to Cryptography | video (45min) (sorry about the bad audio. I bought a new mic, but it was worse!), pdf | Text Book Chapter 1: sections 3.1, 3.2, 3.4, 3.5 |
| A gentle introduction to Web Terminology | video (32min), pdf | Text Book Chapter 7: section 1.1 |
| Web Security Part 1 | video (22min), pdf | Text Book Chapter 7: sections 1.4, 2.1, 2.2, 2.3 |
| Web Security Part 2 (XSS, CSRF) | video (27min), pdf | Text Book Chapter 7: sections 2.6, 2.7 |
| Web Security Part 3 (SQLi) | video (17min), pdf | Text Book Chapter 7: section 3.3 |
The results from last week's survey are available.
Note: Due to some settings issues, we realized that when Sanjay was explaining the input sanitization example, the video did not capture his on-screen writing. It only captured his voice describing the example, which makes it hard to understand what was being pointed out. So here is the example he was talking about. It was a real example from MS sanitizing inputs for its IIS server. The idea was to remove the string <script> from the input. Now take the input <scri<script>pt>. As you can see, on receiving this string, the sanitizer removes the substring <script>, which concatenates the remaining parts and thereby generates the intended string.
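
The behaviour described in this note, reproduced as an added example (it is not from the lecture and is not Microsoft's code). The function names are hypothetical; the only input used is the string from the note. It compares single-pass removal with removal repeated to a fixed point and with output encoding, which is the robust defence because nothing is deleted and so nothing can be re-assembled.

```python
import html

BLOCKED = "<script>"  # the substring the filter in the note removes


def strip_once(value: str) -> str:
    """Single-pass filter as described in the note: one scan, delete matches."""
    return value.replace(BLOCKED, "")


def strip_until_stable(value: str) -> str:
    """Repeat the removal until the output stops changing (a fixed point).

    This closes the re-assembly gap, but it is still a denylist of a single
    spelling, so it should not be relied on as the only defence.
    """
    while True:
        cleaned = value.replace(BLOCKED, "")
        if cleaned == value:
            return cleaned
        value = cleaned


def encode_for_html(value: str) -> str:
    """Preferred defence: keep the data, encode markup characters on output."""
    return html.escape(value, quote=True)


def filter_is_idempotent(filter_fn, value: str) -> bool:
    """A sound removal filter satisfies f(f(x)) == f(x) for every input."""
    once = filter_fn(value)
    return filter_fn(once) == once


if __name__ == "__main__":
    sample = "<scri<script>pt>"  # input from the note above
    print("single pass     :", repr(strip_once(sample)))
    print("until stable    :", repr(strip_until_stable(sample)))
    print("HTML-encoded    :", repr(encode_for_html(sample)))
    print("single pass idempotent? ", filter_is_idempotent(strip_once, sample))
    print("fixed point idempotent? ", filter_is_idempotent(strip_until_stable, sample))
```

The idempotence check is a cheap regression test for any removal-based filter: if a second pass changes the output, the first pass left something behind.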