Web Apps is Back!

COMP6443 Web Application Security and Testing is back for 2018!

Starting on Tuesday February 27 and running for 13 weeks, SECedu welcomes back adjunct lecturers Norman Yue and Abhijeth Dugginapeddi from CommBank for round two of web exploitation and advanced inspect element.

Current student Sean Yeoh will be lecturing the extended stream and the course will be supported by Glenn McGuire, Cameron Lonsdale, Bruce Hely, Carey Li and former student Glen Carmichael.


This semester, you're all welcome to join us for the ride! We will be running two streams of the course, standard and extended, and the first assignment is already live! This assignment will help you determine which stream is most suitable for you! To sign up, please join our OpenLearning page:

From there, choose /6443 from the main menu and on to 'Assignment 0'.

The course will be split into two parts, build and break. We will be releasing weekly activities and lecture videos so you can play from home. Content covered over the semester includes:

  • Reconnaissance
  • Authentication
  • Session management
  • Access control
  • Client-side attacks, such as cross-site scripting
  • Server-side attacks, such as SQL injection
  • Common web service vulnerabilities

For extended students, additional course content covered includes:

  • Advanced Asset Discovery
  • Sandbox Escapes for Cross-site Scripting (XSS)
  • Server-side Request Forgery (SSRF)
  • XML External Entity (XXE)
  • Same Origin Policy (SOP) bypass, Content Security Policies (CSP) and Cross-site Scripting header protections
  • Single Sign On (SSO), OAuth and Security Assertion Markup Language (SAML)
  • Mobile Security
  • Advanced Injection
  • Amazon Web Services (AWS) and Cloud

If you’d like to join us in person for the lectures, the standard stream runs from 6pm to 8pm and extended stream from 8pm to 9pm on Tuesday evenings in Civ Eng 109 at the UNSW Kensington Campus.

All Australian University students should join us on Slack to discuss all things security and join the #webapps channel to help each other through the course!