← 返回首页

Web安全

Web Security

课程介绍 Course Introduction

学分:3 | 先修课:计算机网络、数据库系统 | 学期:第6学期

Web安全课程聚焦Web应用的安全威胁与防护技术。涵盖OWASP Top 10漏洞,包括SQL注入、XSS、CSRF、SSRF、文件上传漏洞、反序列化漏洞、认证与会话管理缺陷等。学生将学习漏洞原理、渗透测试方法、安全编码规范,以及Web应用防火墙(WAF)的配置与使用。

Web Security focuses on security threats and protection techniques for web applications. The course covers OWASP Top 10 vulnerabilities including SQL injection, XSS, CSRF, SSRF, file upload vulnerabilities, deserialization flaws, and authentication/session management defects. Students learn vulnerability principles, penetration testing methods, secure coding standards, and configuration of Web Application Firewalls (WAF).

大作业 Final Project

作业标题:Web应用渗透测试与漏洞修复

对给定Web应用进行渗透测试,发现并验证SQL注入、XSS、CSRF等漏洞,编写漏洞利用PoC,提出修复方案并实施代码加固,提交测试报告与修复前后对比。

Perform penetration testing on a given web application, identify and verify vulnerabilities such as SQL injection, XSS, and CSRF, write proof-of-concept exploits, propose and implement fixes, and submit a test report with before-and-after comparison.