Cyber Security and Applications


Course Code CYBERSECURITY AND APPLICATIONS
L T P C: 2 0 1 2
COURSE OBJECTIVE

The objective of this course is to provide knowledge on the threats and vulnerabilities to web
applications. This is very crucial due to the dependencies of today’s world on web apps and digital
transactions. The course also provides details on how to secure our computer network systems
from malicious activities and attacks.
UNIT-I Networking and Web Technology 7 hours
Network Components - Network Basics - Network Communication - Web Technologies TCP/IP -
Web Services
UNIT-II Introduction to Cyber Security 8 hours
Recent Cyber Attacks - Cyber Security Concepts - Layers of Cyber Security - Introduction to
Application Security - Secure Coding OWASP Top 10 - Coding Practices Secure Design – Closure
[Practical demos and code on OWASP vulnerabilities and how to mitigate them]
UNIT-III Fundamentals of Information Security & Fundamentals of Cryptography 7 hours
Why information security? - What is information security? - Data Security - Network security -
Application Security – Closure. Why Cryptography? – Cryptography - Shared Key Cryptography
– Illustration - Shared Key Cryptography - Public Key Cryptography – Illustration - Public Key
Cryptography – Hashing - Digital Signature – Illustration - Digital Signature - Applications of
cryptography – Conclusion [Algorithmic representation of cryptographic methods]
UNIT-IV Threat Modeling & Identity and Access management 6 hours
Basics of Threat Modeling - Learn Threat Modeling with a Use Case - Tool Walkthrough - MS
Threat Modeling Tool – Assignment - Introduction to Identity and Access Management - What
next
UNIT-V Java SE 11 Programmer II: Secure Coding in Java SE 11 Applications 7 hours
Course Overview – Managing Denial of Service – Securing Information – Managing Data
Integrity – Accessibility and Extensibility – Securing Objects – Serialization and Deserialization
Security – JCA and its Principles – Provider Architecture – Engine Class – Key Pair Generation –
Signature Management – Unsecure to Secure Object – Course Summary. [Demos of Secure
Coding in Java]
UNIT-VI Security Standards and Regulations 5 hours
PCI DSS – ISMS – FIPS and NIST Special Publications – FISMA – GDPR – HIPAA – SOX – Conclusion
UNIT-VII Identity Governance and Administration 5 hours
Need for IGA & basic concepts - IGA Basic Concepts and Onboarding - IGA Governance -
Identity Administration in IGA - What next?

Total : 45 Periods
COURSE OUTCOMES

On completion of the course, students will be able to:


CO1 : Identify network components, gain awareness on DHCP, DNS Server and TCP/IP
architecture
CO2 : Gain understanding of threat modelling and its importance in the design of web
applications
CO3 : Investigate how to secure web applications written using Java Technology. Apply
secure coding techniques in Java, Python, C/C++ Programming Languages
CO4 : Practice identification of OWASP vulnerabilities and mitigation techniques
CO5 : Gain understanding of the importance of Security Standards and Regulations like
PCI DSS, ISMS, FIPS, NIST Special Publications, FISMA, GDPR, HIPAA and SOX
CO6 : Recognize Identity Governance and Administration (IGA): what problems IGA
solutions solve; governance models like roles, certifications, policies and identity
life cycle management

FOR FURTHER READING


1 Networking Fundamentals, 2019 edition, Packt, Author: Gordon Davies
2 Principles of Information Security, Authors: Michael E. Whitman and Herbert J. Mattord,
Course technology incorp
3 CSSLP Secure Software Lifecycle Professional All-in-One Exam Guide, Third Edition,
Authors: Wm. Arthur Conklin, Daniel Paul Shoemaker, Released February 2022,
Publisher(s): McGraw-Hill, ISBN: 9781264258215

REFERENCE
1 https://infyspringboard.onwingspan.com/en/app/toc/lex_auth_012683751296065536354_shared/contents (Network Fundamentals)
2 https://infyspringboard.onwingspan.com/en/viewer/html/lex_auth_0135015696571596809160 (Certified Secure Software Lifecycle Professional (CSSLP) 2019: Secure Coding Practices)
3 https://infyspringboard.onwingspan.com/en/viewer/html/lex_auth_0135015689927557129660 (OWASP Top 10: Web Application Security)
4 https://infyspringboard.onwingspan.com/en/viewer/html/lex_auth_01350159304097792013093 (Defensive coding fundamentals in C and C++)
5 https://infyspringboard.onwingspan.com/en/app/toc/lex_auth_01350158164493107211192/overview (Security Programming: Python Scripting Essentials)

ONLINE REFERENCE
1 https://www.stealthlabs.com/blog/infographic-top-15-cybersecurity-myths-vs-reality/
2 https://microage.ca/cybersecurity-layering-approach/
3 https://www.oracle.com/java/technologies/javase/seccodeguide.html
4 https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
5 https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-sandboxing/
6 https://www.skillsoft.com/course/security-programming-python-scripting-essentials-be99adad-1f65-4a4b5-6b5346072b8e

SOFTWARE REQUIREMENT
● Python
● JavaScript, Node.js
● Java Development Kit
HARDWARE REQUIREMENT
● i5 or i7 processor or R5 from AMD
● 16 GB of RAM. 500 GB storage system
INDUSTRY SCOPE
On completion of this course, students will be able to identify vulnerabilities and security
threats in web applications and learn to write secure code. This is extremely crucial, given
the huge volume of digital transactions and web applications.

INDUSTRY USE CASES


1. Identification of basic network components, practice commands for TCP-IP architecture
and subnetting. [Reference : Lab Guide - Viewer Page | Infosys Springboard
(onwingspan.com)]
2. Build awareness of defensive coding practices and controls such as secure
configuration, cryptography, input validation, input and output sanitization, error and
exception handling, logging and auditing, and session management. [Reference:
https://infyspringboard.onwingspan.com/web/en/viewer/html/lex_auth_0135015696571596809160]
3. Practice defensive coding practices in C/C++ such as inspections, testing, and input
validation. [Reference: Defensive Coding Fundamentals for C/C++ - Viewer Page |
Infosys Springboard (onwingspan.com)]
4. Explore the top 10 OWASP vulnerabilities, their causes, consequences, and mitigation
techniques. [Reference: OWASP Top 10: Web Application Security - Viewer Page | Infosys
Springboard (onwingspan.com)], OWASP.org,
http://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html. Make a report of the studied material.
5. Practice secure coding techniques in Python programming language. [Reference:
https://infyspringboard.onwingspan.com/en/app/toc/lex_auth_01350158164493107211192/overview]
6. Create a login page with username and password which will connect to a database
which will store the name and password. You can use Java and HTML code and database
as per convenience. Simulate an SQL injection attack. Write embedded SQL code to
avoid SQL injection attack. Document how this is taken care of in the later versions of Java.
7. Create a login page with username and password which will connect to a database
which will store the name and password. You can use Python as a base and database as
per convenience. Simulate an SQL injection attack. Write the revised code in Python
that will sanitize the inputs and help prevent an SQL injection attack.
8. Read and understand the Heartbleed vulnerability. Identify the code in C++ that can
simulate this vulnerability and code to fix it. Document the secure coding practices to
take care of this vulnerability and the reasons for it to happen.
9. Given a web application, try out the top 10 OWASP vulnerabilities and how to mitigate
them. [Reference: TOC - Explore OWASP Top 10 Vulnerabilities | Infosys Springboard
(onwingspan.com), will be given as a document with code]

Mode of Delivery: Online (Self-Learning)
Course Evaluation: Online Assessment
Applicable for Multiple Hybrid Branch of Students: All Branches of Engineering (First Year & Final Year)
NOS Alignment: Yes - Infosys Industry Standard
Train-the-Trainer: Faculty Enablement Program
Commercials: Free of Cost
