Web applications security, as branch of secure software design, focuses on how to design and develop dependable and trustworthy web applications. Having completed this course the student will be able to participate in, and cooperate with, web application development teams with a goal to achieving appropriate levels of security for web products. It introduces students to Saltzer and Schroeder security design principles and how security can be integrated with the web application development lifecycle. The course covers common web vulnerabilities such as Cross-Site Scripting, Cross-site Request Forgery, SQL injection and more. Topics such as threat modeling, abuse cases and secure programming will be discussed as well.