SRT311 - Secure Scripting

Outline info
Semester
School
Last revision date 2017-05-29 00:32:27.165
Last review date 2017-07-17 00:15:48.568


Subject Title
Secure Scripting

Subject Description

System administrators must be able to modify existing scripts and write new scripts to assist with daily administration functions. In addition, many administrators must also support the use of server-side scripts on Web pages. However, several attacks exploit weaknesses in server-side scripts not written with security in mind. This subject will introduce students to the installation, configuration and use of server-side scripting languages. Particular attention will be paid to security in configuring scripting languages, in using scripting languages to analyze system logs, and in the programming practices required to develop secure server-side scripts.

Credit Status
1 credit in the IFS program.

Learning Outcomes
Upon successful completion of this subject the student will be able to:


  •     Describe the Web Client-Server Model and CGI
  •     Install server-side scripting languages
  •     Describe and configure security settings for scripting languages
  •     Code, debug and modify server-side scripts using a database
  •     Examine existing server-side scripts for security vulnerabilities
  •     Describe common types of scripting attacks and explain how they work
  •     Use a scripting language to analyze logs

Cheating and Plagiarism
Each student should be aware of the College's policy regarding Cheating and Plagiarism. Seneca's Academic Policy will be strictly enforced.

To support academic honesty at Seneca College, all work submitted by students may be reviewed for authenticity and originality, utilizing software tools and third party services. Please visit the Academic Honesty site on http://library.senecacollege.ca for further information regarding cheating and plagiarism policies and procedures.

Discrimination/Harassment
All students and employees have the right to study and work in an environment that is free from discrimination and/or harassment. Language or activities that defeat this objective violate the College Policy on Discrimination/Harassment and shall not be tolerated. Information and assistance are available from the Student Conduct Office at student.conduct@senecacollege.ca.

Accommodation for Students with Disabilities
The College will provide reasonable accommodation to students with disabilities in order to promote academic success. If you require accommodation, contact the Counselling and Disabilities Services Office at ext. 22900 to initiate the process for documenting, assessing and implementing your individual accommodation needs.

Prerequisite(s)
SRT210 and RIS120

Topic Outline

  • Web Client-Server Model
     
  • Common Gateway Interface
    • Client Side
    • Server Side
       
  • XHTML review
    • Tags
    • Tables
    • Forms
    • Input
    • Javascript
       
  • XML
    • Introduction
       
  • Scripting and Web Security
    • Cross-site scripting attacks
    • SQL injection attacks
    • Other vulnerabilities
       
  • Python
    • Installation
    • Language Basics - syntax & grammar
    • Control flow
    • Data structures
    • Modules
    • File I/O
    • Errors and Exceptions
    • Classes and Objects
    • CGI
    • Data validation
    • MySQL

Prescribed Texts
Online readings

Reference Material

  • Python: http://www.python.org/doc/
  • Perl: http://www.perl.org/docs.html
  • PHP: http://www.php.net/docs.php

Required Supplies
Removable hard drive with Linux installed.

Promotion Policy

Grading Policy
A+     90% to 100%
A      80% to 89%
B+     75% to 79%
B      70% to 74%
C+     65% to 69%
C      60% to 64%
D+     55% to 59%
D      50% to 54%
F      0% to 49% (Not a Pass)
OR
EXC    Excellent
SAT    Satisfactory
UNSAT  Unsatisfactory

For further information, see a copy of the Academic Policy, available online (http://www.senecacollege.ca/academic-policy) or at Seneca's Registrar's Offices.


Modes of Evaluation

Since this is a professional credit subject, marking standards reinforce professional practice by demanding legible, tidy work. Written materials should be well organized and grammatically correct, with proper spelling and punctuation.

Assignments

  • Students must retain a duplicate of all assignments.
  • Computer assignments should be documented to the instructor's standards.
  • Assignments must be handed in on the scheduled due date. Late assignments are penalized.
  • For particulars, please obtain standards, dates, etc. from your instructor.

Absenteeism and Tests

  • Students should be aware that absenteeism will impact their ability to achieve satisfactory grades.
  • Some of the progress tests and quizzes may not be announced in advance and details of the assignment requirements may be explained in class.
  • There is no formal provision for make-up tests to replace tests you miss.
  • If you miss a test, you must provide the reason in writing to the instructor within one week. If your reason is accepted, the weighting of that test will be added to that of the final exam. Otherwise, you will be given a zero for the test. You must submit an original doctor’s certificate identifying the date, length of time of expected absence and the specific reason for your absence, or other appropriate documentation.

Term Work and Final Exam

  • Students must attain a combined grade of at least 50% on term work and the final exam. Students must pass the final exam in order to pass the subject.
  • For further information on evaluation and academic standing, see a copy of the Academic Policy available at Seneca registration offices.

Grading is based on the following marking scheme:

Assignments 25%
Tests 20%
Labs 20%
Final Exam 35%

Approved by: Susan Savoie