T. Andrew Yang
Email: yang@uhcl.edu
Web page: http://sce.uhcl.edu/yang/
Tel.: (281) 283-3835
Last updated:
1/24/2013: additional requirements for the projects (in red)
1/17/2013: first published

CSCI 5234 Web Security
Note: This is an individual project.

The goal of this project is for you to visit refereed publications (as well as some relevant web sites) to perform a detailed investigation of a chosen research topic. The topic you choose should be aligned with your chosen team project topic, by investigating related literature and resources about that topic. If you need suggestions when choosing the topic, feel free to discuss it with the instructor.

Each person should create and maintain a distinct discussion thread in the discussion group, by responding to the instructor's post named "Research projects should be posted here". Progress of your project should be updated weekly in that thread. How well you maintain your discussion thread is part of the grading.

A benefit of this approach is that both the instructor and your classmates will be able to view your progress and, if applicable, share their thoughts and comments.

Items to be submitted:

A preliminary abstract of your presentation topic is due early in the semester. Each student should publish his/her abstract in the class discussion board by the due date. The abstract should be 1-2 pages long and contain the following sections:
(1) Class name (i.e., CSCI5234 Web Security)
(2) Your name and an email address that you check regularly (that is, at least once a day)
(3) Topic of your investigation
(4) General description of the topic
(5) Why is the topic related to web security?
(6) Survey of related work. Discuss at least three articles related to the topic. VERY Important: Make sure you properly cite the work of other researchers or professionals. Visit http://sce.uhcl.edu/yang/citing.htm for more information about cited references. Warning: Missing or improper cited references in your abstract and final report will result in a poor score for your presentation.
(7) A tentative outline (agenda) of your final report, that is, the sections/subsections that you plan to include in the final paper.

1. The written report should include your findings about the chosen topic.
2. A draft of the final report should be published in the class discussion group to solicit comments from your classmates and the instructor. Warning: Missing or improper cited references in your abstract and final report will result in a poor score for this assignment.
3. The following is a suggested outline of your final report:
i. Title
ii. Your name (and email address)
iii. An abstract (50-100 words)
iv. Introduction to the topic
v. Significance of the chosen topic with respect to the security of web-based applications
vi. Survey of related work
vii. Implemented demonstrations, if applicable.
viii. Your findings
ix. Future work: research ideas and projects possibly related to the topic
x. Conclusion
xi. Appendix (if any)

Each team is composed of two persons and shall investigate one of the attack methods against web applications. Example attack methods are discussed in the textbook (chapters 5 through 19). Publish your chosen topic in the discussion board by the due date.

A detailed design, along with a prototype (if applicable), is due for in-class presentation around the midterm time (that is, project design in the syllabus page). If you’d like to have individual programming projects, be sure to check with the instructor first concerning the nature of your project.

1) The design of your project shall consist of a detailed system setup diagram. In the diagram, clearly show how the various tiers would interact with each other and, if applicable, how a particular component in the system would be exploited by that attack.
2) In your design, clearly identify the vulnerabilities of the web application that make the attack method possible.
3) It is highly recommended that you implement a prototype system to demonstrate how the specific attack method would work. Note: Search the authors' website and other online resources to find relevant information.

Each team should create and maintain a distinct discussion thread in the discussion group, by responding to the instructor's post named "Team projects should be posted under this topic". Progress of your project should be updated weekly in that thread. How well you maintain your discussion thread is part of the grading.

A benefit of this approach is that both the instructor and other teams will be able to view your team's progress and, if applicable, share their thoughts and comments.

1) Design
2) Demonstration of the attack (if applicable)
3) Presentation slides - Each team needs to give an in-class demonstration of the project. See the class schedule for the date.
4) Final investigation report. The final project report should contain the system architecture, the final detailed design, the source programs (if applicable), and responses to comments made by the instructor and the classmates. Publish the final project report in the class discussion board.