
Web Application Security

Course only in German

Hours per Week:

4

Credit Points:

5

Prerequisites:

  • Principles of programming (lecture 'Programmieren', 1st and 2nd semester)
  • Basic knowledge about computer networks and distributed applications (lecture 'Rechnerkommunikation', 4th semester)

Type of Course:

Lecture with hands-on exercise sessions

Frequency (WS/SS):

Winter semester

Work Load:

150 hours:
65 hours attendance in class,
45 hours for the study of research papers,
40 hours wrap-up and preparations for the exam.

Study Programme Goals:

Enhancement and specialization of knowledge and hands-on skills in the area of applied software technology with emphasis on secure software systems.

Course Goals:

Developing secure applications using current Web technologies and Web application architectures.
Analysis of principal attack scenarios, practical exercise of selected attacks in a sandbox environment, application of techniques for manual and automated identification of web application vulnerabilities and assessment of results.

Key Qualifications:

Assessment of security vulnerabilities in web applications

Course Contents:

Threats and attacks: (with hands-on exercises)
  • OWASP Top-10
  • Injection attacks
  • Input validation
  • Cross-site attacks
Countermeasures
  • Web application firewalls (WAF)
  • Techniques for automated security assessment

Literature:

  • Sverre Huseby, Innocent Code: A Security Wake-Up Call for Web Programmers
  • The Open Web Application Security Project: http://www.owasp.org
  • Web Application Exploits and Defenses: http://google-gruyere.appspot.com/

Comments:

This will be a hands-on course where we will write and test code in class.
Parts of this course will be held in blocks on Saturdays.


Assessment/Examination:

Oral examination (20 minutes).

Admission Requirement:

 

Lecturer(s):

Prof. Dr. Trommler / Reinhardt





TH Nürnberg
Fakultät Informatik

© 2018 Fakultät Informatik