Digital Forensics and Web Security



The objective of this hands-on course is to present the students with techniques, methodologies and tools for successful forensic investigations. Moreover, it aims to broaden their knowledge of web application hacking and help them identify and circumvent various protection mechanisms in use on the web today. Finally, the open research issues in this area are highlighted.

Upon completion of this course, the students will be able to:

  • Effectively preserve and analyse a large number of digital evidence sources, including both on-disk and in-memory data.
  • Find network-based evidence and extract it from packet capture files.
  • Carry out static and dynamic analysis of malware code.
  • Create a secure web application avoiding common security flaws.
  • Perform penetration testing on web applications.
  • Understand the current research trends and assess their impact in the forthcoming years.

Course Contents

  • Introduction to digital forensics. File systems analysis, file carving techniques.
  • Network forensics, packet analysis, statistical flow record analysis.
  • Log data analysis, SIEM, visual analytics and security intelligence.
  • Malware forensics, static and dynamic malware analysis. Windows memory acquisition techniques and analysis.
  • Introduction to web technologies including PHP, HTML, SQL, JavaScript.
  • Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks.
  • SQL injection and local file inclusion (LFI) attacks. Remote command execution.
  • Common flaws and failures in authentication, session management and access control mechanisms, as well as in cryptographic implementations.
  • Defending web applications with input validation and sanitization methods. Web application penetration testing.

  • Michal Zalewski (2011), The Tangled Web: A Guide to Securing Modern Web Applications, No Starch Press.
  • Cory Altheide, Harlan Carvey (2011), Digital Forensics with Open Source Tools, Syngress.
  • Instructors' notes.