course: Web-Security

number:
141245
teaching methods:
lecture with tutorials
media:
computer based presentation
responsible person:
Prof. Dr. Jörg Schwenk
Lecturers:
Prof. Dr. Jörg Schwenk (ETIT), Dr.-Ing. Dennis Felsch (ETIT), M. Sc. Dominik Noß (ETIT)
language:
German
HWS:
4
CP:
5
offered in:

dates in winter term

  • start:

goals

Students understand the new security requirements and problems that arise from the use of web technologies.

content

The lecture deals with the security of web applications (part 1), web services (part 2) and single sign-on procedures (part 3).

Part 1: Security of Web Applications

  • HTTP, HTML, JavaScript, CSS
  • Same Origin Policy
  • Cross-site scripting (reflected, stored, DOM-based)
  • Countermeasures (filters, Content Security Policy, DOMPurify)
  • CSRF and protection against CSRF
  • UI redressing

Part 2: Security of Web Services

  • XML, XML Schema, XSLT, XPath
  • XML Signature
  • Signature wrapping attacks
  • XML Encryption and attacks on it

Part 3: Security of Single Sign-On

  • Application scenarios of TLS
  • DNS security
  • SAML
  • Microsoft Passport, XSS attack
  • Generic attacks on SSO
  • Generic protection with TLS
  • OpenID, OAuth, OpenID Connect
  • Specific attacks on SSO

requirements

none

recommended knowledge

  • Basic knowledge of cryptography and HTML