course: Web- and Browser-Security

teaching methods:
lecture with tutorials
overhead transparencies, computer based presentation
responsible person:
Prof. Dr. Jörg Schwenk
Dr.-Ing. Mario Heiderich (ETIT)
offered in:
winter term



Upon successful completion of the module, students will have a comprehensive understanding of the technical aspects of web and browser security. They have acquired a comprehensive understanding of systems for complex web applications. Through independent considerations and their implementation in practical projects to improve network security, students prepare for their role in professional life. They can analyse new problems and develop new solutions. They can argue the benefits of the solutions they have developed.


The lecture is offered as a block event. It is explicitly also suitable for students who have already attended XML- und Webservicesicherheit/Websicherheit and want to deepen their knowledge.

Day One:
  • The History of Web Security and Web Attacks
  • The History of Browsers
  • The Very Basics, Charsets, Strings & URLs
Day Two:
  • Attacks using HTTP and SSL/TLS
  • Basic SQL Injections
  • Advanced SQL Injections
  • NoSQL Injections
Day Three:
  • Uploads and File Handling
  • Command Line Injections
  • Remote Code Executions
Day Four:
  • Cookies & Sessions
  • Authentication & Authorization
  • The Basics of Cross-Site Scripting
Day Five:
  • Advanced XSS
  • mXSS and DOM Mutations
  • Flash XSS
  • jQuery, Expression Injections, AngularJS
Day Six:
  • WebWorker, Service Worker, WASM
  • postMessage & CORS
  • Browser Specific Attacks
  • SVG & XML Attacks
Day Seven:
  • Current and Future Attack Paths
  • General Best Practices
  • Stories from the Real World


Maximum number of participants: 30 students.

The planned dates for the lectures are:

  • Tue & Wed, 4.2.2020 and 5.2.2020
  • Tue & Wed, 11.2.2020 and 12.2.2020
  • Tue & Wed, 18.2.2020 and 19.2.2020
  • Tue, 25.2.2020

On each date, 4 units of 90 min each will be held (2 lectures/2 exercises). Start is 9:00, end approx. 17:00. The exact plan will be discussed with the lecturer at the first appointment.

Written Exam: 3.3.2020