Exploiting and Protecting Web Applications

Web applications are vulnerable to many types of attacks to which traditional client-server applications are not as susceptible. These vulnerabilities, over the past several years, have resulted in attacks that have exposed companies to monetary losses and reputational damage.
This course covers these vulnerabilities, how attacks are constructed based on them, and techniques that can be used to mitigate such vulnerabilities.
Example web vulnerabilities covered in this course include client-state manipulation, cookie-based attacks, SQL injection, cross domain attacks (XSS, XSRF, XSSI), DNS rebinding, timing attacks, user tracking, and HTTP header injection. In addition, this course covers security issues that can arise in Web 2.0 and HTML5 applications that take advantage of heavy use of JavaScript, AJAX, mash-ups, and HTML5 extensions.
Exclusive Interviews
We recommend that you have the equivalent of a BS in computer science, or a background in cybersecurity.
If you are less familiar with the content, we recommend starting with the course Foundations of Information Security. It provides the fundamentals necessary for subsequent courses in the program.
This course is approximately 6.5 hours of video content with 1.5 hours of coursework.
The All-Access Plan—a full year to view and complete course materials, video lectures, assignments and exams, at your own pace. Revisit course materials or jump ahead... all content remains at your fingertips year-round.
$2,970 for one-year access to all 8 online courses in the Advanced Cybersecurity Program
Individual Courses—60 days to view and complete course materials, video lectures, assignments and exams, at your own pace.
$495 per online course
By completing this course, you’ll earn 1 Continuing Education Unit (CEU). CEUs cannot be applied toward any Stanford degree. CEU transferability is subject to the receiving institution’s policies.
CPEs: By completing the course, you can qualify for Group A or Group B Continuing Professional Education (CPE) credits to maintain your (ISC)² certifications, such as the CISSP. Final approval of CPEs is subject to (ISC)².
When you complete each course, you’ll receive an email with a link to download your Record of Completion. This email will be sent to the address you provide in your mystanfordconnection within 3 business days of course completion.