
Web Application Security

Course only in German

Hours per Week:


Credit Points:



  • Principles of programming (lecture 'Programmieren', 1st and 2nd semester)
  • Basic knowledge about computer networks and distributed applications (lecture 'Rechnerkommunikation', 4th semester)

Type of Course:

Lecture with hands-on exercise sessions

Frequency (WS/SS):


Work Load:

150 hours:
65 hours attendance in class,
45 hours for the study of research papers,
40 hours wrap-up and preparations for the exam.

Study Programme Goals:

Enhancement and specialization of knowledge and hands-on skills in the area of applied software technology with emphasis on secure software systems.

Course Goals:

Developing secure applications using current Web technologies and Web application architectures
Analysis of principal attack scenarios, practical exercise of selected attacks in a sandbox environment, application of techniques for manual and automated identification of web application vulnerabilities, and assessment of results

Key Qualifications:

Assessment of security vulnerabilities in web applications

Course Contents:

Threats and attacks: (with hands-on exercises)
  • OWASP Top-10
  • Injection attacks
  • Input validation
  • Cross-site attacks
  • Web application firewalls (WAF)
  • Techniques for automated security assessment


  • Sverre Huseby, Innocent Code: A Security Wake-Up Call for Web Programmers
  • The Open Web Application Security Project: http://www.owasp.org
  • Web Application Exploits and Defenses: http://google-gruyere.appspot.com/


This will be a hands-on course where we will write and test code in class.
Parts of this course will be held in blocks on Saturdays.

See the German version.


Oral examination (20 minutes).

Admission Requirement:



Prof. Dr. Trommler / Reinhardt

TH Nürnberg
Fakultät Informatik


© 2019 Fakultät Informatik