Web Security
Web安全课程聚焦Web应用的安全威胁与防护技术。涵盖OWASP Top 10漏洞,包括SQL注入、XSS、CSRF、SSRF、文件上传漏洞、反序列化漏洞、认证与会话管理缺陷等。学生将学习漏洞原理、渗透测试方法、安全编码规范,以及Web应用防火墙(WAF)的配置与使用。
Web Security focuses on security threats and protection techniques for web applications. The course covers OWASP Top 10 vulnerabilities including SQL injection, XSS, CSRF, SSRF, file upload vulnerabilities, deserialization flaws, and authentication/session management defects. Students learn vulnerability principles, penetration testing methods, secure coding standards, and configuration of Web Application Firewalls (WAF).
对给定Web应用进行渗透测试,发现并验证SQL注入、XSS、CSRF等漏洞,编写漏洞利用PoC,提出修复方案并实施代码加固,提交测试报告与修复前后对比。
Perform penetration testing on a given web application, identify and verify vulnerabilities such as SQL injection, XSS, and CSRF, write proof-of-concept exploits, propose and implement fixes, and submit a test report with before-and-after comparison.