The Official Course Outline now lives in ECOS.
ECOS is UNSW's Enterprise Course Outline Solution.
The course is broken down into several topics:
See the course schedule on the timetable page.
This course is based around a fictional organisation known as QuoccaCorp. Much of the coursework and assessment is built around this organisation.
The assessment breakdown will be as follows:
The details of each of these can be seen in the sections below.
During each topic there will be a series of technical challenges to be completed. These are completed by discovering flags (strings matching COMP6443{.+?}, unless otherwise specified) by interacting with, and crafting malformed requests to, websites on our challenge platform, *.quoccacorp.com.
You are encouraged to work in groups to complete the challenges (groups will be formed in your first tutorial), but each student must submit their own flags and is marked separately. Flags can be submitted to CTFd.
Please keep a personal copy of the flags you have found in case the server crashes (although this is unlikely to happen).
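As an added example (not part of the course materials), the snippet below pulls flags of the format above out of an HTTP response body and merges them into a local JSON file, which is one way to keep the personal copy the previous paragraph asks for. The sample response, the flag values and the host name `example.quoccacorp.com` are constructed for the example and are not real challenge data. It also shows why the flag pattern uses the lazy `.+?` rather than a greedy `.+`: when two flags share a line, the greedy form swallows both into one match.

```python
"""Extract COMP6443{...} flags from response bodies and keep a local copy."""
import json
import re
from pathlib import Path

# Flag format from the course description: COMP6443{...}.
# The lazy quantifier ".+?" stops at the first "}", so two flags on one
# line are matched separately. A greedy ".+" backtracks only as far as the
# last "}" on the line and merges everything in between into one match.
FLAG_RE = re.compile(r"COMP6443\{.+?\}")
GREEDY_RE = re.compile(r"COMP6443\{.+\}")  # kept only to show the difference

# Constructed sample response body; the flag values are invented for this
# example and are not real challenge flags.
SAMPLE_BODY = """HTTP/1.1 200 OK
Content-Type: text/html

<!-- debug: COMP6443{example_one} --><p>Welcome back, COMP6443{example_two}</p>
<p>COMP6443{example_one}</p>
"""


def extract_flags(body: str) -> list[str]:
    """Return the distinct flags in body, in order of first appearance."""
    seen: list[str] = []
    for flag in FLAG_RE.findall(body):
        if flag not in seen:
            seen.append(flag)
    return seen


def greedy_matches(body: str) -> list[str]:
    """The same scan with a greedy quantifier, to show what goes wrong."""
    return GREEDY_RE.findall(body)


def record_flags(store: Path, challenge: str, flags: list[str]) -> dict[str, list[str]]:
    """Merge flags for one challenge host into a JSON file; return the whole store."""
    data = json.loads(store.read_text()) if store.exists() else {}
    existing = data.setdefault(challenge, [])
    for flag in flags:
        if flag not in existing:
            existing.append(flag)
    store.write_text(json.dumps(data, indent=2, sort_keys=True))
    return data


if __name__ == "__main__":
    found = extract_flags(SAMPLE_BODY)
    print("lazy  :", found)
    print("greedy:", greedy_matches(SAMPLE_BODY))
    # Hypothetical host name; the file lands in the current directory.
    print(record_flags(Path("flags.json"), "example.quoccacorp.com", found))
```

Run it against a saved response (for example, the body of a curl call redirected to a file) and it will list the distinct flags and append them to flags.json keyed by host, so a crashed challenge server does not cost you the flags you already found.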
Twice in the trimester (Tuesday of Week 7 and Week 11) a written report is to be submitted on your findings against QuoccaCorp. This work is to be conducted in groups of 3 from your tutorial, and the report is assessed as a group. These will be submitted via Moodle.
You can find more information about these assessments here (Link TODO).
There will be a final exam, consisting of three equally weighted parts (A, B and C). More detail will be provided at a later date on the exam page.
In addition, there is a midterm exam. The mark you get in Part A of the final exam is the maximum of your midterm mark and your true mark in Part A. In other words, final_exam_mark = max(part_a_mark, midterm_exam_mark) + part_b_mark + part_c_mark. As a result, if you are happy with your midterm mark, you can skip Part A of the final for more time in Parts B and C.
Web Application Security and Testing is one of the few courses at UNSW with heavy industry involvement. Several of the extended lecturers are professionals working in the security industry, and several tutorials are run by a tutor who is currently working in the industry. The intent is to give you as realistic an experience of cybersecurity work as possible, to better prepare you for work in the industry. Many of the industry partners have volunteered their time and spend many weeks preparing. Please be courteous, polite, and thank them for their time.
Tutorials are included in this course to assist with your learning. These sessions function like workshops, with some time allocated to going over the content and class discussion, and the rest allocated to working on your weekly challenges in your working groups. Unlike previous tutorials you may have experienced at the university, there is a heavy focus on collaboration and peer learning. You are encouraged to show your findings to your fellow students and engage in discussion with them.
A schedule of tutorials can be found on the timetable page.
You have been granted limited permission to perform penetration testing on infrastructure hosted by this course. For full details, including exceptions that you should be aware of, see Ethics Policy and Scope.
Resource created 4 months ago, last modified 2 months ago.