
#41124 / #1

Since WiSe 2023/24




Seifert, Jean-Pierre


Written exam


Faculty IV

Institut für Softwaretechnik und Theoretische Informatik

34355100 FG S-Professur Security in Telecommunications

No information


TEL 16

Neef, Sebastian


Learning Outcomes

Students gain a comprehensive knowledge of the most common vulnerabilities in web applications. They are able to list diverse classes of vulnerabilities and distinguish the respective properties. As part of the integrated course, students develop practical attacks against the vulnerabilities and are able to derive ways to fix them. In addition, students will be able to assess the security of source code with respect to the vulnerabilities taught. The content taught aims to provide students with a solid basic knowledge and practical handling of web vulnerabilities so that they can be identified and proactively avoided in practice.


The module's learning content is based on the OWASP Top 10 and is designed to provide theoretical as well as practical knowledge of common web vulnerabilities. First, important basics and concepts (including HTTP, SOP, security headers, SSL/TLS) of web security are taught. The focus is on a selection of the most common client-side (including XSS, CSRF) and server-side (including SQL Injection, Command Injection) vulnerabilities.

Module Components


All courses are mandatory.

Course Name | Type | Number | Cycle | Language | SWS | VZ

Workload and Credit Points

Websecurity (UE):

Workload description | Multiplier | Hours | Total
Total: 30.0h (~1 LP)

Websecurity (VL):

Workload description | Multiplier | Hours | Total
Pre/post processing | 15.0 | 4.0h | 60.0h
Total: 90.0h (~3 LP)

Course-independent workload:

Workload description | Multiplier | Hours | Total
No information | 1.0 | 60.0h | 60.0h
Total: 60.0h (~2 LP)
The workload of the module sums up to 180.0 hours. Therefore the module contains 6 credits.

Description of Teaching and Learning Methods

The lecture is delivered mainly as frontal teaching. The tutorial consolidates the lecture material interactively through a joint debriefing of the exercises and other practical examples. In addition, the exercises are worked on regularly in small groups to enable individual learning of the material.

Requirements for participation and examination

Desirable prerequisites for participation in the courses:

- Sufficient programming skills to understand foreign source code in various programming languages
- Confident handling of Linux and the command line
- Basic knowledge of the web (e.g. HTTP protocol, cookies, HTML/CSS/JS development)
- Basic knowledge of networks, e.g. from the course "Computer Networks and Distributed Systems"

Mandatory requirements for the module test application:

1. Requirement
[SECT] Websecurity Homework

Module completion



Type of exam

Written exam




90 minutes

Duration of the Module

The following number of semesters is estimated for taking and completing the module:
1 Semester.

This module may be commenced in the following semesters:

Maximum Number of Participants

The maximum capacity of students is 30.

Registration Procedures

Completion of a survey on ISIS followed by selection of participants during the first week if needed.

Recommended reading, Lecture notes

Lecture notes

Availability: unavailable


Electronic lecture notes

Availability: unavailable



Recommended literature
The Tangled Web: A Guide to Securing Modern Web Applications - Book by Michał Zalewski
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws - Book by Dafydd Stuttard and Marcus Pinto
OWASP TOP 10 Project - https://owasp.org/www-project-top-ten/

Assigned Degree Programs

This module is used in the following Degree Programs (new System):

Degree program / StuPO | StuPOs | Uses | First use | Last use
Informatik (B. Sc.) | 1 | 1 | WiSe 2023/24 | WiSe 2023/24
Technische Informatik (B. Sc.) | 1 | 1 | WiSe 2023/24 | WiSe 2023/24
Wirtschaftsinformatik (B. Sc.) | 2 | 2 | WiSe 2023/24 | WiSe 2023/24


No information