Secure Web Applications Group

Web Security SS 18

Lecture type Advanced lecture
Credits 6 CP
Instructor Dr.-Ing. Ben Stock
Time/Place Wednesday, 10-12, CISPA Lecture Hall
Language English
Registration via CMS


In this lecture, we cover many aspects of the Web’s security models and issues, both on the client and server side. To that end, the course first introduces the history and evolution of the Web platform and covers its most basic components, such as HTTP, HTML, and JavaScript. Based on this, we then cover client-side security policies (such as the Same-Origin Policy) and various client-side attacks, including countermeasures. The lecture then shifts focus to the server, introducing different types of flaws there. Finally, we round up the lecture with discussions on infrastructure security.


For the exercises, students will be tasked with answering theoretical questions as well as attack vulnerable applications. Moreover, they will develop their own applications (prone to different attacks) and develop fixes for these flaws.
The exact schedule for the exercises will be announced via CMS.
While the results will not be graded, participation is mandatory and students may only take part in the written exam if
  • at least 50% of the exercise tasks were successfully finished
  • and one each exercise sheet the students reach 25% of the available points.
Naturally, students on sick leave do not have to turn in their exercises. Moreover, students are allowed to not submit up to two sheets.


Since this lecture is a specialized lecture on Web security, prior knowledge in this area is required to participate in the course. Specifically, it is beneficial if you took part in the Hacking proseminar, but more importantly in the Introduction to Cybersecurity as well and/or Security lectures.

Number of Participants / Signing up

There currently is no enforced hard limit on the course. Students have to sign up via the CMS before or on April 11th to participate.

Passing the course/Grading

For admission to the exam, check above. Passing the exam requires at least 50% of the points. Students may take the backup exam to improve their grade. The final grade is only determined by the outcome of the exam(s).