Prerequisite(s): CSIT 540. This course examines various threats faced by Web applications and Web sites, and solutions to keep them secure. Topics include: HTTP and Web application technologies, core defense mechanisms, mapping web applications, bypassing client-side controls, attacking authentication, attacking session management, attacking access controls, injecting code, exploiting path traversal, attacking application logic, attacking other users, automating bespoke attacks, exploiting information disclosure, attacking compiled applications, attacking application architecture, attacking Web servers, and finding vulnerabilities in web application source code.