ENLIGHT Courses

Web Security

This is a hands-on course that covers the most common web application vulnerabilities, their exploitation and mitigation techniques. Every lecture includes homework, typically involving exploiting and fixing vulnerabilities. Students are expected to have basic skills in web application development (HTML, JavaScript and PHP).

About the course

Content

The course covers web architecture, HTTP/HTTPS, browser security policies, and major web vulnerabilities such as XSS, CSRF, and SQL injection. It also addresses secure authentication, access control, tracking and fingerprinting, UI attacks, browser extensions, bot detection, and server-side flaws. Practical defence strategies are discussed throughout.

Learning outcomes

At the end of the course, students will be able to:

  • Identify, exploit, and mitigate common web vulnerabilities (XSS, CSRF, SQLi).
  • Understand key web security concepts and protocols (HTTP, cookies, SOP, CSP).
  • Apply security best practices in authentication, authorization, and session management.
  • Analyze browser behaviors, tracking methods, and server-side vulnerabilities.
  • Use developer and security tools to evaluate and improve web application security.

Teaching methods

The course is 100% web-based and can be completed asynchronously.

The course consists of pre-recorded online lectures and homework tasks. The list of independent work will be given in the lectures.
The use of AI tools for assignments is prohibited.

Programme

Topics to be covered:
1. Web, HTTP protocol, HTTPS, Cookies
2. Same-Origin Policy (SOP)
3. Cross-Site Request Forgery (CSRF)
4. Cross-Site Scripting (XSS)
5. Content Security Policy (CSP)
6. User Interface (UI) attacks
7. Tracking and fingerprinting
8. Browser extensions
9. Bots and CAPTCHAs
10. Authentication and session management
11. Authorization
12. SQL Injection (SQLi)
13. Server-side vulnerabilities
14. Server-side vulnerabilities 2
15. Attack detection and prevention

Assessment

Differentiated (A, B, C, D, E, F, not present)
The final grade consists of homework (70%) and a test (30%).
The test is optional and cannot be retaken.

Lecturers

Arnis Paršovs

Course dates

This course takes place in the second semester of the academic year 2025-2026. It starts on 09.02.2026 and runs until the last week of May.
This is a 100% self-learning course with weekly homework deadlines. Info on the course schedule is available HERE.
ENLIGHT students will be able to take the test remotely via the Internet on May 26, 16:00-18:00 (Estonian time UTC+3h).

  • Entry requirements: basic skills in web application development (HTML, JavaScript and PHP)
  • Type: virtual course
  • Level: Bachelor, Master, PhD
  • Host: University of Tartu
  • Focus area: Digitalisation
  • Study Field: Science and Technology
  • Course dates: 9 Feb - 26 May 2026
  • Apply by: 26 January 2026
  • ECTS: 6
  • Registration status: Open
  • Number of places available: unlimited