Display language
To modulepage Generate PDF

#41124 / #1

Seit WiSe 2023/24

German

Websecurity

6

Seifert, Jean-Pierre

benotet

Schriftliche Prüfung

Zugehörigkeit


Fakultät IV

Institut für Softwaretechnik und Theoretische Informatik

34355100 FG S-Professur Security in Telecommunications (SecT)

No information

Kontakt


E 5

Neef, Sebastian

lehre@sect.tu-berlin.de

Learning Outcomes

Students gain a comprehensive knowledge of the most common vulnerabilities in web applications. They are able to list diverse classes of vulnerabilities and distinguish the respective properties. As part of the integrated course, students develop practical attacks against the vulnerabilities and are able to derive ways to fix them. In addition, students will be able to assess the security of source code with respect to the vulnerabilities taught. The content taught aims to provide students with a solid basic knowledge and practical handling of web vulnerabilities so that they can be identified and proactively avoided in practice.

Content

The module's learning content is based on the OWASP Top 10 and is designed to provide theoretical as well as practical knowledge of common web vulnerabilities. First, important basics and concepts (including HTTP, SOP, security headers, SSL/TLS) of web security are taught. The focus is on a selection of the most common client-side (including XSS, CSRF) and server-side (including SQL Injection, Command Injection) vulnerabilities.

Module Components

Pflichtgruppe:

All Courses are mandatory.

Course NameTypeNumberCycleLanguageSWS ISIS VVZ
WebsecurityUEWiSeGerman2
WebsecurityVLWiSeGerman2

Workload and Credit Points

Websecurity (UE):

Workload descriptionMultiplierHoursTotal
Attendance15.02.0h30.0h
30.0h(~1 LP)

Websecurity (VL):

Workload descriptionMultiplierHoursTotal
Attendance15.02.0h30.0h
Pre/post processing15.04.0h60.0h
90.0h(~3 LP)

Course-independent workload:

Workload descriptionMultiplierHoursTotal
No information1.060.0h60.0h
60.0h(~2 LP)
The Workload of the module sums up to 180.0 Hours. Therefore the module contains 6 Credits.

Description of Teaching and Learning Methods

The lecture takes place mainly in frontal teaching. The tutorial focuses on an interactive consolidation of the lecture material through a joint debriefing of the exercises and other practical examples. In addition, the exercises will be worked on regularly in small groups to enable individual learning of the material.

Requirements for participation and examination

Desirable prerequisites for participation in the courses:

- Sufficient programming skills to understand foreign source code in various programming languages. - Confident handling of Linux and the command line - Basic knowledge of the web (e.g. HTTP protocol, cookies, HTML/CSS/JS development) - Basic knowledge of networks, e.g. from the course "Computer Networks and Distributed Systems

Mandatory requirements for the module test application:

1. Requirement
[SECT] Websecurity Hausaufgaben

Module completion

Grading

graded

Type of exam

Written exam

Language

German

Duration/Extent

90 minutes

Duration of the Module

The following number of semesters is estimated for taking and completing the module:
1 Semester.

This module may be commenced in the following semesters:
Wintersemester.

Maximum Number of Participants

The maximum capacity of students is 30.

Registration Procedures

Completion of a survey on ISIS followed by selection of participants during the first week if needed.

Recommended reading, Lecture notes

Lecture notes

Availability:  unavailable

 

Electronical lecture notes

Availability:  unavailable

 

Literature

Recommended literature
The Tangled Web: A Guide to Securing Modern Web Applications - Book by Michał Zalewski
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws - Book by Dafydd Stuttard and Marcus Pinto
OWASP TOP 10 Project - https://owasp.org/www-project-top-ten/

Assigned Degree Programs


This module is used in the following Degree Programs (new System):

Studiengang / StuPOStuPOsVerwendungenErste VerwendungLetzte Verwendung
Informatik (B. Sc.)13WiSe 2023/24WiSe 2024/25
Technische Informatik (B. Sc.)13WiSe 2023/24WiSe 2024/25
Wirtschaftsinformatik (B. Sc.)26WiSe 2023/24WiSe 2024/25

Miscellaneous

No information