Modern web applications and web services usually consist of multiple layers. They are based on different (often complex) technologies that are constantly being developed. Their complexity is often the reason for new types of attacks that can be observed on the web every day.

In this lecture, we will focus on the most important technologies and learn what you have to consider while securing your web applications. We will introduce prominent and widespread attacks and show how to prevent them. These range from typical attacks from the OWASP Top 10 list, such as XSS or SQL Injection, to attacks on web services and Single Sign-On standards (e.g., on SAML and OpenID Connect). Based on many cases, we will learn what is important in the design and implementation of secure web applications.

Learning objectives

After successful completion, students have a comprehensive understanding of the technical aspects of web applications, web services, and various authentication mechanisms. They have learned that the web technologies used today are complex and that their complexity poses many security problems. Students have an overview of current web attacks and know how to prevent them practically.

Recommended proficiencies

Knowledge in programming, IT Security and basic knowledge in Cryptography

Learning material

• Lecture slides and video presentations
• Scientific articles

More information about the learning material and learning structure in this semester will be provided in PANDA. Please sign in for the course.