UIMOIBK052 Application Security

Faculty of Philosophy and Science in Opava
Summer 2021
Extent and Intensity
0/0/0. 4 credit(s). Type of Completion: zk (examination).
Teacher(s)
Ing. Vladimír Lazecký (lecturer), RNDr. Šárka Vavrečková, Ph.D. (deputy)
RNDr. Šárka Vavrečková, Ph.D. (lecturer)
Guaranteed by
RNDr. Šárka Vavrečková, Ph.D.
Institute of Computer Science – Faculty of Philosophy and Science in Opava
Prerequisites
TYP_STUDIA(B)
Computer Network and Internet
Course Enrolment Limitations
The course is also offered to the students of the fields other than those the course is directly associated with.
fields of study / plans the course is directly associated with
Course objectives
Currently, most applications are developed as web applications. If the application is not properly developed, it provides an easy target for attacks by the hacking community (under this term we summarize how an individual's interest in misusing this information, industrial espionage, or espionage itself). Each application should meet at least the following parameters: Confidentiality, Availability, Integrity. In this course, we focus primarily on the application of security principles in Web application development and also generally security on the application layer RM ISO / OSI.
Learning outcomes
Students will be able to:
- describe general recommendations based on EU standards;
- summarize the development process of web applications;
- compare and highlight differences in protection against DOS attacks on the seventh layer of the OSI model with protection against DOS attacks on the fourth layer OSI model;
Syllabus
  • 1. The legal environment defining application development, application security in Czech Republic and EU.
  • 2. Development of web applications.
  • 3. Web application firewall - why L7 security is as important as L4 firewall.
  • 4. Web application firewall - DoS attacks protection on L7.
  • 5. PCI Security standard framework.
Literature
    required literature
  • The Open Web Application Security Project (OWASP). URL info
    recommended literature
  • RFC standards [online]. URL info
  • The PCI Security Standards Council [online]. URL info
  • Zákon č. 101/2000 Sb., o ochraně osobních údajů, ve znění účinném od 1. ledna 2015. URL info
  • Zákon č. 181/2014 Sb., o kybernetické bezpečnosti a příslušné prováděcí předpisy. URL info
  • Národní úřad pro kybernetickou a infomační bezpečnost [online]. Dostupné na: https://www.govcert.cz/cs/zkb/legislativa/
  • Jirovský, Václav. Kybernetická kriminalita: nejen o hackingu, crackingu, virech a trojských koních bez tajemství. Praha: Grada, 2007. ISBN 978-80-247-1561-2. URL info
  • Doseděl, Tomáš. Počítačová bezpečnost a ochrana dat. Brno: Computer Press, 2004. ISBN 80-251-0106-1. info
Teaching methods
Interactive lectures
Tutorials in computer class
Assessment methods
Credit: a practical form of verification of study results. Exam: a written form of verification of study results.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 10 hod/sem.
The course is also listed under the following terms Summer 2022, Summer 2023, Summer 2024, Summer 2025.
  • Enrolment Statistics (Summer 2021, recent)
  • Permalink: https://is.slu.cz/course/fpf/summer2021/UIMOIBK052