course: Web- and Browser-Security

number:
141249
teaching methods:
lecture with tutorials
media:
overhead transparencies, computer based presentation
responsible person:
Prof. Dr. Jörg Schwenk
Lecturers:
Dr.-Ing. Mario Heiderich (ETIT), Dr.-Ing. Dennis Felsch (ETIT), M. Sc. Simon Rohlmann (ETIT)
language:
English
HWS:
4
CP:
5
offered in:
winter term

dates in winter term

  • lecture: Tuesday, 23.02.2021, from 09:00 to 17:00 in ID 03/445
  • lecture: Wednesday, 24.02.2021, from 09:00 to 17:00 in ID 03/445
  • lecture: Thursday, 25.02.2021, from 09:00 to 17:00 in ID 03/445
  • lecture: Tuesday, 02.03.2021, from 09:00 to 17:00 in ID 03/445
  • lecture: Wednesday, 03.03.2021, from 09:00 to 17:00 in ID 03/445
  • lecture: Tuesday, 09.03.2021, from 09:00 to 17:00 in ID 03/445
  • lecture: Wednesday, 10.03.2021, from 09:00 to 17:00 in ID 03/445

Exams

The information on the examination modalities (in winter semester 2020/2021 | summer semester 2021) is subject to the current situation. Necessary changes due to university regulations will be announced promptly.
Form of exam: written
Registration for exam: FlexNow
Date: 17.03.2021
Begin: 08:30
Duration: 120 min
Room: HIA
The information on the examination modalities (in winter semester 2020/2021 | summer semester 2021) is subject to the current situation. Necessary changes due to university regulations will be announced promptly.
Form of exam: written
Registration for exam: FlexNow
Date: 15.09.2021
Begin: 14:30
Duration: 120 min
Room: HGD 30

goals

Upon successful completion of the module, students will have a comprehensive understanding of the technical aspects of web and browser security. They have acquired a comprehensive understanding of systems for complex web applications. Through independent considerations and their implementation in practical projects to improve network security, students prepare for their role in professional life. They can analyse new problems and develop new solutions. They can argue the benefits of the solutions they have developed.

content

The lecture is offered as a block event. The lecture is also suitable for students who have already attended XML- und Webservicesicherheit/Websicherheit and want to deepen their knowledge. However, this is not a requirement.

What to bring
  • A Laptop, OS doesn't matter
  • Working Internet Connection
Chapter One: History & Basics
  • The History of Web Security and Web Attacks
  • The History of Browsers
  • HTML, JavaScript, CSS
Chapter Two: HTTP, Server, SQLi
  • Attacks using HTTP and SSL/TLS
  • SQL Injections
  • Uploads
  • SSRF, XXE & XEE
Chapter Three: Cookies, Sessions, XSS
  • Cookies & Sessions
  • Same Origin Policy
  • Authentication & Authorization
  • The Basics of Cross-Site Scripting
Chapter Four: Advanced XSS
  • Advanced XSS
  • mXSS and DOM Mutations
Chapter Five: Browsers & Beyond
  • The DOM
  • DOM Clobbering & DOM XSS
  • jQuery, Expression Injections, AngularJS
  • postMessage XSS
  • SVG
  • Flash Security
Chapter Six: Sandboxing & Random Bits
  • JavaScript Sandboxing
  • Stories from the Real World
  • The Human Factor

miscellaneous

Maximum number of participants: 30 students.

The enrollment for the course is active. The course is fully occupied. You can still request to enroll in order to be placed on a waiting list.

The exact schedule will be discussed with the lecturer at the first appointment.