course: Web and Browser Security

number:
141249
teaching methods:
lecture with tutorials
media:
overhead transparencies, computer based presentation
responsible person:
Prof. Dr. Jörg Schwenk
Lecturers:
Dr.-Ing. Mario Heiderich (ETIT), Dr.-Ing. Dennis Felsch (ETIT)
language:
english
HWS:
4
CP:
5
offered in:
winter term

dates in winter term

  • lecture: Tuesday, 04.02.2020, 09:00 to 17:00, in ID 03/463
  • lecture: Wednesday, 05.02.2020, 09:00 to 17:00, in ID 03/463
  • lecture: Tuesday, 11.02.2020, 09:00 to 17:00, in ID 03/463
  • lecture: Wednesday, 12.02.2020, 09:00 to 17:00, in ID 03/463
  • lecture: Tuesday, 18.02.2020, 09:00 to 17:00, in ID 03/463
  • lecture: Wednesday, 19.02.2020, 09:00 to 17:00, in ID 03/463
  • lecture: Tuesday, 25.02.2020, 09:00 to 17:00, in ID 03/463
  • lecture: Wednesday, 26.02.2020, 09:00 to 17:00, in ID 03/455

Exam

All statements pertaining to examination modalities (for the summer/winter term of 2020) are given with reservations. Changes due to new requirements from the university will be announced as soon as possible.
Form of exam: written
Registration for exam: FlexNow
Date: 19.08.2020
Begin: 08:30
Duration: 120 min
Room: ID 04/413

goals

Upon successful completion of the module, students will have a comprehensive understanding of the technical aspects of web and browser security. They will have acquired a comprehensive understanding of the systems behind complex web applications. Through independent reflection and its implementation in practical projects that improve network security, students prepare for their role in professional life. They can analyse new problems, develop new solutions, and argue the benefits of the solutions they have developed.

content

The lecture is offered as a block course. It is explicitly also suitable for students who have already attended XML- und Webservicesicherheit/Websicherheit and want to deepen their knowledge.

What to bring
  • A laptop (any operating system)
  • A working Internet connection
Chapter One: History & Basics
  • The History of Web Security and Web Attacks
  • The History of Browsers
  • HTML, JavaScript, CSS
Chapter Two: HTTP, Server, SQLi
  • Attacks using HTTP and SSL/TLS
  • SQL Injections
  • Uploads
  • SSRF, XXE & XEE
Chapter Three: Cookies, Sessions, XSS
  • Cookies & Sessions
  • Same Origin Policy
  • Authentication & Authorization
  • The Basics of Cross-Site Scripting
Chapter Four: Advanced XSS
  • Advanced XSS
  • mXSS and DOM Mutations
Chapter Five: Browsers & Beyond
  • The DOM
  • DOM Clobbering & DOM XSS
  • jQuery, Expression Injections, AngularJS
  • postMessage XSS
  • SVG
  • Flash Security
Chapter Six: Sandboxing & Random Bits
  • JavaScript Sandboxing
  • Stories from the Real World
  • The Human Factor

miscellaneous

Maximum number of participants: 30 students. The registration is closed.

The planned dates for the lectures are:

  • Tue & Wed, 4.2.2020 and 5.2.2020
  • Tue & Wed, 11.2.2020 and 12.2.2020
  • Tue & Wed, 18.2.2020 and 19.2.2020
  • Tue, 25.2.2020

On each date, four units of 90 minutes each will be held (2 lectures, 2 exercises). Start is 9:00, end approx. 17:00. The exact schedule will be discussed with the lecturer at the first session.

Written Exam: 4.3.2020