Secure Web Applications Group

Description

In this two-week block lecture, we will cover many aspects of the Web’s security models and issues, both on the client and server side. To that end, the course introduces the most important client-side security mechanisms, shows how they evolved over time and what caveats they have. Moreover, the second half of the course then focusses on different server-side vulnerability classes and appropriate countermeasures to allow for secure server-side development. To increase exposure of the students to the topic, each afternoon will feature exercises corresponding to the lecture given in the mornings. Each lecture will also feature a presentation on state-of-the-art research for the covered topic, with the goal of an interactive discussion between lecturer and participants.

Exercise

For the exercises, students will be tasked with developing a Web application which is prone to the different vulnerabilities presented in the lecture. While the results will not be graded, participation is mandatory and students may only take part in the written exam if at least 70% of the exercise tasks were successfully finished.

Prerequisites

Since this lecture is a specialized lecture on Web security, prior knowledge in this area is required to participate in the course. Specifically, it is beneficial if you took part in the Hacking proseminar, but more importantly in the Introduction to Cybersecurity as well and/or Security lectures.

Number of Participants / Signing up

Registration for the course is closed.

Passing the course

For passing the course, the following minimal amount of points is needed:

• 70% of the points for the exercise must be achieved to be able to participate in the exam and
• 50% of the points from the final exam.

The final grade will only be determined by the exam.