Web Security

Module Code
CS5308
Module Coordinator
  • Klaus-Dieter Quibeldey-Cirkel
Teacher
  • Klaus-Dieter Quibeldey-Cirkel
Short Description
This course introduces the security aspects of web sites and web applications. Attack methods are analyzed and countermeasures are implemented.
Learning Objectives

The students will be able to implement secure web applications, taking both technical and organizational aspects into account. In the context of practical quality assurance on a continuous integration server, the students will evaluate the countermeasures taken with the help of "hacker tools" and application-level logging.

Contents
  • Security vulnerabilities in web applications
  • OWASP risks
  • Security guidelines of the "Bundesamt für Sicherheit in der Informationstechnik" (BSI)
  • "Hacker tools" for achieving web security and their legal implications
  • Automated GUI tests
  • Web application firewalls
  • Intrusion detection and intrusion prevention systems
Duration in Semester
1
Instruction Language
German
Total Effort
6 CrP; an estimated 180 hours, of which approximately 60 are spent in class.
Weekly School Hours
4
Method of Instruction
Lecture 1 sppw, Practical Course 3 sppw
Requirements for the awarding of Credit Points
Project task
Evaluation Standard
according to examination regulations (§ 9)
Availability
Yearly
References
  • M. Zalewski: Tangled Web - Der Security-Leitfaden für Webentwickler. dpunkt.verlag
  • Bundesamt für Sicherheit in der Informationstechnik: Sicherheit von Webanwendungen: Maßnahmenkatalog und Best Practices. www.bsi.de