
Web Application Security

Course only in German

Hours per Week:


Credit Points:



  • Principles of programming (lecture 'Programmieren', 1st and 2nd semester)
  • Basic knowledge about computer networks and distributed applications (lecture 'Rechnerkommunikation', 4th semester)

Type of Course:

Lecture with hands-on exercise sessions

Frequency (WS/SS):


Work Load:

150 hours:
65 hours attendance in class,
45 hours for the study of research papers,
40 hours wrap-up and preparations for the exam.

Study Programme Goals:

Enhancement and specialization of knowledge and hands-on skills in the area of applied software technology with emphasis on secure software systems.

Course Goals:

Knowing and exercising current web technologies, knowing web application architectures
Knowing principal attack scenarios, practical exercise of selected attacks in a sandbox environment, application of techniques for manual and automated identification of web application vulnerabilities

Key Qualifications:

Assessment of security vulnerabilities in web applications

Course Contents:

Threats and attacks: (with hands-on exercises)
  • Overview: OWASP Top-10
  • Injection attacks
  • Input validation
  • Cross-site attacks
  • Web application firewalls (WAF)
  • Techniques for automated security assessment


  • Sverre Huseby, Innocent Code: A Security Wake-Up Call for Web Programmers
  • The Open Web Application Security Project: http://www.owasp.org
  • Web Application Exploits and Defenses: http://google-gruyere.appspot.com/


This will be a hands-on course where we will write and test code in class. Participants should do the practical part of the course in pairs.
Parts of this course will be held in blocks on Saturdays.

See German.


Oral examination (20 minutes).


Prof. Dr. Trommler / Reinhardt

TH Nürnberg
Fakultät Informatik


© 2017 Fakultät Informatik