This module provides a comprehensive and accessible look at the major business challenges and threats that are introduced when an organisation’s network is connected to the public Internet. It takes an in-depth look at how hackers access online networks and at the use of firewalls and VPNs as security countermeasures. The module also takes an in-depth look at how secure users are as customer-facing information migrates from mainframe computers and application servers to Web-enabled applications. The module implements theoretical and practical solutions and security strategies to mitigate the risk associated with Web applications.
The practical labs cover various aspects of web security, providing you with a solid foundation in fundamental concepts and practical skills. The topics covered include Session Management, which explores sessions and cookies, Cross-Site Scripting (XSS), which delves into the pervasive threat of XSS attacks, SQL Injection, addressing the prevalent threat to web applications, and Advanced SQL Injection, which goes into the intricacies of injection attacks, including OS command injection and automated SQL injection. Additionally, the collection covers Cross-Site Request Forgery (CSRF), focusing on the exploitation of user trust in this prevalent attack. Throughout the labs, participants engage in hands-on activities using various tools such as Damn Vulnerable Web App (DVWA), OWASP WebGoat, OWASP Security Shepherd, and Zed Attack Proxy (ZAP), gaining practical experience in identifying, exploiting, and mitigating web security vulnerabilities. The labs aim to equip participants with the skills necessary for ethical hacking, auditing, and securing web applications in real-world scenarios, covering a range of security challenges and techniques.
Runs for 5 months (until )
As you complete challenges and watch videos, you will gain Knowledge Area XP.