Secure Web Applications Group

Web Security SS 17

Lecture type: Advanced lecture
Credits: 6 CP
Instructor: Dr.-Ing. Ben Stock, Prof. Dr. Michael Backes
Time/Place: Aug 28 – Sep 8, E9.1, lecture hall
Language: English


In this two-week block lecture, we will cover many aspects of the Web’s security models and issues, both on the client and server side. To that end, the course introduces the most important client-side security mechanisms and shows how they evolved over time and what caveats they have. The second half of the course then focuses on different server-side vulnerability classes and appropriate countermeasures to allow for secure server-side development. To increase the students' exposure to the topic, each afternoon will feature exercises corresponding to the lecture given in the morning. Each lecture will also feature a presentation on state-of-the-art research for the covered topic, with the goal of an interactive discussion between lecturer and participants.


For the exercises, students will be tasked with developing a Web application which is prone to the different vulnerabilities presented in the lecture. While the results will not be graded, participation is mandatory, and students may only take part in the written exam if at least 70% of the exercise tasks were successfully finished.


Since this lecture is a specialized lecture on Web security, prior knowledge in this area is required to participate in the course. Specifically, it is beneficial if you took part in the Hacking proseminar, but more importantly in the Introduction to Cybersecurity and/or Security lectures.

Number of Participants / Signing up

Registration for the course is closed.

Passing the course

To pass the course, the following minimum number of points is needed:
  • 70% of the points for the exercises must be achieved to be able to participate in the exam, and
  • 50% of the points from the final exam.
The final grade will be determined by the exam only.

The endterm exam will take place Tuesday, September 26 from 10am to 12pm (s.t., in E1.3 HS001/HS002HS002/HS003).

The backup exam will take place Tuesday, October 10 from 2pm to 4pm (s.t., in E1.3 HS001/HS003).

Due to a conflict with another exam, the backup has been moved to October 11 from 3pm to 5pm (s.t., in E1.3 HS001/HS003).