
Web Applications and Security Laboratory

Hyderabad Karnataka Education Society’s


POOJYA DODDAPPA APPA COLLEGE OF ENGINEERING
KALABURAGI-585102- KARNATAKA

KALABURAGI
ESTD.1958

Department of Information Science and Engineering


Lab Manual of
Web Applications and Security Laboratory
[18ISL71]

SEMESTER – VII

Prepared by:
Prof. Gurappa Kalyani (Asst. Professor)
Miss. Shivaleela Biradar (Instructor)

DEPT. OF ISE, PDACEK – 585102



VISION OF THE INSTITUTION

• To be an institute of excellence in technical education and research to serve the needs of the
industry and society at local and global levels.

MISSION OF THE INSTITUTION

• To provide a high-quality educational experience for students with values and ethics that enables
them to become leaders in their chosen professions.
• To explore, create and develop innovations in engineering and science through research and
development activities.
• To provide beneficial service to the national and multinational industries and communities
through educational, technical and professional activities.

VISION OF THE ISE DEPARTMENT


• To impart quality education and research in Information Technology to produce a competent,
committed and goal-oriented workforce to fulfil the needs of the local and global requirements.

MISSION OF THE ISE DEPARTMENT

• The Department’s Mission is to advance knowledge in the Information and Computing Sciences
by providing our students with the highest quality educational experience by:

M1: Producing quality workforce with cutting edge technology.
M2: Engaging in innovative teaching learning, research and community service.
M3: Strengthening continuous interactions with alumni and industry and enabling graduates to attain
entrepreneurial qualities with life-long learning skills.


PROGRAM OUTCOMES

Engineering Graduates will be able to:

1. Engineering knowledge: Apply the knowledge of mathematics, science, engineering
fundamentals, and an engineering specialization to the solution of complex engineering
problems.

2. Problem analysis: Identify, formulate, review research literature, and analyze complex
engineering problems reaching substantiated conclusions using first principles of mathematics,
natural sciences, and engineering sciences.

3. Design/development of solutions: Design solutions for complex engineering problems and
design system components or processes that meet the specified needs with
appropriate consideration for the public health and safety, and the cultural, societal, and
environmental considerations.

4. Conduct investigations of complex problems: Use research-based knowledge and research
methods including design of experiments, analysis and interpretation of data, and synthesis of
the information to provide valid conclusions.

5. Modern tool usage: Create, select, and apply appropriate techniques, resources, and modern
engineering and IT tools including prediction and modelling to complex engineering activities
with an understanding of the limitations.

6. The engineer and society: Apply reasoning informed by the contextual knowledge to
assess societal, health, safety, legal and cultural issues and the consequent responsibilities
relevant to the professional engineering practice.

7. Environment and sustainability: Understand the impact of the professional engineering
solutions in societal and environmental contexts, and demonstrate the knowledge of,
and need for sustainable development.

8. Ethics: Apply ethical principles and commit to professional ethics and responsibilities and
norms of the engineering practice.

9. Individual and team work: Function effectively as an individual, and as a member or leader
in diverse teams, and in multidisciplinary settings.


10. Communication: Communicate effectively on complex engineering activities with the
engineering community and with society at large, such as, being able to comprehend and
write effective reports and design documentation, make effective presentations, and give and
receive clear instructions.

11. Project management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a member
and leader in a team, to manage projects and in multidisciplinary environments.

12. Life-long learning: Recognize the need for, and have the preparation and ability to
engage in independent and life-long learning in the broadest context of technological change.

PROGRAM SPECIFIC OUTCOMES (PSOS)

The graduates are able to:

PSO1: Demonstrate the working principles of computing systems and application software.

PSO2: Provide suitable strategies and design solutions to solve IT-related problems.

PSO3: Apply professional practices to implement and deploy real-life applications.

PROGRAM EDUCATIONAL OBJECTIVES (PEO’S)

PEO 1: Apply the principles of information and allied science, mathematics and scientific
investigation to solve real world problems appropriate to the discipline.

PEO 2: Apply current industry accepted computing practices and emerging technologies to
analyze, design, implement, and verify high quality IT-based solutions to real world
problems.

PEO 3: Exhibit teamwork and effective communication skills.

PEO 4: Understand the ethical obligations, social impacts and apply their technical
knowledge positively and appropriately in the course of career and professional
journey.

PEO 5: Be successfully employed or accepted into a postgraduate program, and
demonstrate a pursuit of lifelong learning.


Web Applications and Security Laboratory

Subject Code: 18ISL71    Credits: 01
Hours/Week: 02 Hrs (Practical)    SEE: 50 Marks
CIE: 50 Marks    SEE: 03 Hrs

SYLLABUS

1. Analyze different encoding (Base64, URL, HTML) and encryption (MD5, SHA1, SHA2, etc.)
mechanisms used in the application.
2. Build a sitemap using the application mentioned for analysis.
3. Experiment to perform web application mirroring using HTTrack.
4. Build a checklist for authentication and apply it on the web application to analyse the outcomes:
authentication bypass.
5. Build a checklist for session management and use the same to perform manual checks on the
application.
6. Experiment to perform Session Hijacking using the WebGoat framework.
7. List Horizontal Access Controls in the application and bypass the role-based functionalities.
8. Experiment to perform SQL in application using manual and automated methods.
9. Experiment to perform OS command injection in application and extend the attack to gain web
shell access.
10. Build a checklist for file path traversal to access the server internal files.
11. Experiment to analyse the working of the XML parser in the application using external entities.
12. Find Business logic flows in given application.


COURSE OBJECTIVES

• Recognize common web application security vulnerabilities and how to determine if they are
present in web applications.
• Understand the capabilities of various browser proxies and penetration testing tools.
• Detect SQL injection vulnerabilities.
• Identify unguarded authentication and sessions.

COURSE OUTCOMES (CO)

CO1: Develop and implement Python interface for encryption and decryption algorithms.
CO2: Determine and analyze software vulnerabilities and security solutions to reduce the risk of
exploitation.
CO3: Apply software engineering concepts to manage the complexity of client-side and server-side
software.
CO4: Demonstrate computer security concepts for designing web applications which are robust to
known and unknown attacks.
CO5: Design operational and strategic web security strategies and policies.


COURSE ARTICULATION MATRIX

Columns: Course Outcome, Statement, PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2 PSO3

CO1: Develop and implement python interface for encryption and decryption algorithms. 3 3 3 3 3 3 3 3 3 3
CO2: Determine and analyze software vulnerabilities and security solutions to reduce the risk of exploitation. 3 3 3 3 3 3 3 3 3 3
CO3: Apply software engineering concepts to manage the complexity of client-side and server-side software. 3 3 3 3 3 3 3 3 3 3
CO4: Demonstrate computer security concepts for designing web application which is robust to known and unknown attacks. 3 3 3 3 3 3 3 3 3 3
CO5: Design operational and strategic web security strategies and policies. 3 3 3 3 3 3 3 3 3 3

AVERAGE: 3 3 3 3 3 3 3 3 3 3

PROGRAM ARTICULATION MATRIX

Columns: Course Code, Course Name, PO1 PO2 PO3 PO4 PO5 PO6 PO7 PO8 PO9 PO10 PO11 PO12 PSO1 PSO2 PSO3

18ISL71: Web Applications and Security Laboratory. 3 3 3 3 3 3 3 3 3 3


INSTRUCTIONS TO STUDENTS

1. Students must leave their footwear outside.
2. Students must keep their bags in the rack.
3. Students must take care of their valuable things.
4. Students must bring their observation book, record and manual along with pen, pencil, eraser, etc.;
no borrowing from others.
5. Students must handle the trainer kit and other components carefully, as they are expensive.
6. Before switching on the trainer kit, students must show the connections to one of the faculty
members or instructors.
7. After completing the experiment, students should return the components to the respective
lab instructors.
8. Before leaving the lab, students should check that they have switched off the power supplies and
arranged their chairs properly.

DO’S AND DON’TS

• Be regular to the Lab.
• Do not come late to the Lab.
• Wear your College ID card.
• Avoid unnecessary talking while doing the experiment.
• Do not panic if you do not get the output.
• Keep your work area clean after completing the experiment.
• After completion of the experiment, turn off the computer.
• Arrange your chairs and tables before leaving.
