- teaching methods:
- lecture with tutorials
- computer based presentation
- responsible person:
- Prof. Dr. Jörg Schwenk
- Prof. Dr. Jörg Schwenk (ETIT), Dr.-Ing. Dennis Felsch (ETIT), M. Sc. Dominik Noß (ETIT)
- offered in:
dates in winter term
Students have an understanding of the new security requirements and problems that arise from the use of web technologies.
The lecture deals with the security of web applications (part 1), web services (part 2) and single sign-on procedures (part 3).
Part 2: Web application security * XML, XML Schema, XSLT, XPath * XML Signature * Signature wrapping attacks * XML Encryption, Attacks
Part 3: Security of Single Sign-On * Application scenarios of TLS * Security DNS * SAML * Microsoft Passport, XSS attack. * Generic attacks on SSO * Generic protection with TLS * OpenID, OAuth, OpenID Connect * Special attacks on SSO
- Basic knowledge of cryptography and HTML