This document contains conceptual exercises and programming problems related to security for a SimpleWebServer application. The conceptual exercises ask about the relationship between authentication and authorization and about threats posed by allowing file uploads. The programming problems involve modifying the application to include file storage and logging functionality, mounting an attack to deface a home page, and mounting another attack to gain root access on the system running the server while covering tracks in the web log.