course: Web-Security

number:
141245
teaching methods:
lecture with tutorials
media:
computer based presentation
responsible person:
Prof. Dr. Jörg Schwenk
Lecturers:
Prof. Dr. Jörg Schwenk (ETIT), M. Sc. Dennis Felsch (ETIT), M. Sc. Dominik Noß (ETIT)
language:
German
HWS:
4
CP:
5
offered in:

dates in winter term

  • start:

Exam

Form of exam: written
Registration for exam: FlexNow
Date: 16.08.2019
Begin: 14:30
Duration: 120 min
Room: HID

goals

Students have an understanding of the new security requirements and problems that arise from the use of web technologies.

content

The lecture deals with the security of web applications (part 1), web services (part 2) and single sign-on procedures (part 3).

Part 1: Security of Web Applications

  • HTTP, HTML, JavaScript, CSS
  • Same Origin Policy
  • Cross-site scripting (reflected, stored, DOM)
  • Countermeasures (Filter, Content Security Policy, DOMPurify)
  • CSRF and protection against CSRF
  • UI redressing

Part 2: Web application security

  • XML, XML Schema, XSLT, XPath
  • XML Signature
  • Signature wrapping attacks
  • XML Encryption, Attacks

Part 3: Security of Single Sign-On

  • Application scenarios of TLS
  • Security DNS
  • SAML
  • Microsoft Passport, XSS attack
  • Generic attacks on SSO
  • Generic protection with TLS
  • OpenID, OAuth, OpenID Connect
  • Special attacks on SSO

requirements

none

recommended knowledge

  • Basic knowledge of cryptography and HTML