COEN 351 Spring 2009

In order to avoid duplication of contents, COEN 351 will be a practical course, whereas COEN 350 (Network Security) will explore theoretical issues deeper. Both courses together should leave the student with good theoretical and practical knowledge to implement a secure e-commerce site. In order to be self-contained, COEN 351 and COEN 350 will share some Nevertheless, COEN 351 will be essentially self-contained, merely assuming that students have acquired some maturity as a programmer. If a student does not know Perl or PHP, they will learn a smattering of it. Students with practical experience are encouraged to develop a project on their own.

Students are invited to collaborate heavily on the practical part and to test each other's systems. However, the homework and, of course, the final must be individual work, with the exception of the more practical homework problems, where collaboration is encouraged and allowed but must be indicated on the hand-in.


Theoretical Issues

E-Commerce Overview (Session 1)

E-Commerce Legal Issues (Session 1)
  • Contracts
  • Signatures
  • Peculiarities of E-contracts

Cryptography (Session 2)
  • Overview
  • Symmetric / Asymmetric Encryption

Internet Security Protocols (Session 3)
  • Authentication
  • IPSec
  • SSL
  • SSH
  • VPN
  • Firewalls

Certificates (Session 4)
  • Public Key Certificate Concepts
  • Public Key Infrastructure
  • X.509
  • Certification Policies and Practices

Legal Issues Revisited (Session 5)
  • Contracts Revisited
  • Important Laws:
    • Certification and Accreditation
    • Patriot Act
    • Federal Properties and Administration Service Act
    • Legal Issues which can affect Information Assurance
    • National Archives and Records Act
    • Computer Fraud and Abuse Act
    • Freedom of Information Act
    • Privacy Act
    • USA Patriot Act, GPEA, Paperwork Reduction Act
    • E-government Act of 2002, Federal Information Security Management Act
    • Electronic Records Management and Federal Records Act

Non-Repudiation (Session 6)

Web-Based Security Threats (Sessions 7-10)
  • Web Languages
  • Shopping carts and Payment Gateway Architecture
  • Hyper Text Transfer Protocol HTTP
  • URL, URL exploits
  • Web-applications
  • Information Leakage from webpages
  • Site Crawling
  • Attacks: Website Defacing, E-shoplifting, Database access, Java remote command execution, Impersonation, Buffer Overflow
  • Web Hacking Tools, Worms, IDS avoidance

Practical Issues

Installing Perl and Apache (Session 1)
  • Apache Server
  • Perl
  • IIS (Windows)

Perl and CGI Basics: calling CGI scripts; HTML and HTTP basics (Session 2)

PHP Scripting Introduction: loops, functions, types, arrays, strings (Session 2)

Perl and CGI Basics: forms and input (Session 3)

PHP 5 Object Oriented Design (Session 3)

SQL and MySQL: database and query basics (Session 3)

Perl and CGI Basics: the CGI.pm module (Sessions 4-7)

PEAR, Validation in PHP, PHP Sessions (Session 5)

CGI Security (Session 8)

Cookies and Session State (Session 9)

Session 10

Grading

Homework 20%
Final 40%
Project 40%

Project

You are to build a stateful e-commerce site on a system of your choice (Laptop, Apache preferred). For an A, provide SSL connectivity or some other advanced feature. See the proposed project time table.

DISABILITY ACCOMMODATIONS PROCEDURE:

To request academic accommodations for a disability, students must contact Disabilities Resources located on the second floor of Benson. Phone numbers are (408) 554-4111; TTY (408)554-5445. Students must register and provide documentation of a disability to Disabilities Resources prior to receiving academic accommodations.

Text Books

Suggested:

Warwick Ford, Michael S. Baum: Secure Electronic Commerce, 2nd Edition, Prentice Hall (PTR), 2001.

This is a book that is showing its age, but it is the only good introduction to some of the legal issues that we need to cover.

Gunther Birznieks, Scott Guelich, Shishir Gundavaram: CGI Programming with Perl (Paperback). O'Reilly, 2nd Edition

or one of the many good PHP books from O'Reilly. (I have at least four.)

Further Suggestions:

A CGI book

Either a Java security book or a .Net cryptography book


Helpful Reading:

Books on a scripting language such as Perl, PHP, ...

A book on a dynamic web language such as ASP.

Stuart McClure, Saumil Shah, Shreeraj Shah: Web Hacking, Addison Wesley, 2003.

2009 Thomas Schwarz, S.J., COEN, SCU
These documents are not intended for dissemination beyond SCU. CAVEAT LECTOR