Moses - Websecurity

Display language

To modulepage Generate PDF

Module / Version:
#41124 / #1

Validity:
Seit WiSe 2023/24

Default display language:
German

Module title:
Websecurity

Credits:
6

Responsible person:
Seifert, Jean-Pierre

Grading:
benotet

Type of exam:
Schriftliche Prüfung

Zugehörigkeit

Faculty:
Fakultät IV

Institute:
Institut für Softwaretechnik und Theoretische Informatik

Area of expertise:
34355100 FG S-Professur Security in Telecommunications

Prüfungsausschuss:
No information

Kontakt

Office:
TEL 16

Contact person:
Neef, Sebastian

E-mail address:
lehre@sect.tu-berlin.de

Website:

https://www.tu.berlin/sect

Learning Outcomes

Students gain a comprehensive knowledge of the most common vulnerabilities in web applications. They are able to list diverse classes of vulnerabilities and distinguish the respective properties. As part of the integrated course, students develop practical attacks against the vulnerabilities and are able to derive ways to fix them. In addition, students will be able to assess the security of source code with respect to the vulnerabilities taught. The content taught aims to provide students with a solid basic knowledge and practical handling of web vulnerabilities so that they can be identified and proactively avoided in practice.

Content

The module's learning content is based on the OWASP Top 10 and is designed to provide theoretical as well as practical knowledge of common web vulnerabilities. First, important basics and concepts (including HTTP, SOP, security headers, SSL/TLS) of web security are taught. The focus is on a selection of the most common client-side (including XSS, CSRF) and server-side (including SQL Injection, Command Injection) vulnerabilities.

Module Components

Pflichtgruppe:

All Courses are mandatory.

Course Name	Type	Number	Cycle	Language	SWS	VZ
Websecurity	UE		WiSe	German	2
Websecurity	VL		WiSe	German	2

Workload and Credit Points

Websecurity (UE):

Workload description	Multiplier	Hours	Total
Attendance	15.0	2.0h	30.0h
			30.0h(~1 LP)

Websecurity (VL):

Workload description	Multiplier	Hours	Total
Attendance	15.0	2.0h	30.0h
Pre/post processing	15.0	4.0h	60.0h
			90.0h(~3 LP)

Course-independent workload:

Workload description	Multiplier	Hours	Total
No information	1.0	60.0h	60.0h
			60.0h(~2 LP)

The Workload of the module sums up to 180.0 Hours. Therefore the module contains 6 Credits.

Description of Teaching and Learning Methods

The lecture takes place mainly in frontal teaching. The tutorial focuses on an interactive consolidation of the lecture material through a joint debriefing of the exercises and other practical examples. In addition, the exercises will be worked on regularly in small groups to enable individual learning of the material.

Requirements for participation and examination

Desirable prerequisites for participation in the courses:

- Sufficient programming skills to understand foreign source code in various programming languages. - Confident handling of Linux and the command line - Basic knowledge of the web (e.g. HTTP protocol, cookies, HTML/CSS/JS development) - Basic knowledge of networks, e.g. from the course "Computer Networks and Distributed Systems

Mandatory requirements for the module test application:

1. Requirement

[SECT] Websecurity Hausaufgaben

Module completion

Grading

graded

Type of exam

Written exam

Language

German

Duration/Extent

90 minutes

Duration of the Module

The following number of semesters is estimated for taking and completing the module:
1 Semester.

This module may be commenced in the following semesters:
Wintersemester.

Maximum Number of Participants

The maximum capacity of students is 30.

Registration Procedures

Completion of a survey on ISIS followed by selection of participants during the first week if needed.

Recommended literature
The Tangled Web: A Guide to Securing Modern Web Applications - Book by Michał Zalewski
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws - Book by Dafydd Stuttard and Marcus Pinto
OWASP TOP 10 Project - https://owasp.org/www-project-top-ten/

Assigned Degree Programs

Semester:

Zeige auch ausgelaufene Studiengänge und StuPOs

This module is used in the following Degree Programs (new System):

Studiengang / StuPO	StuPOs	Verwendungen	Erste Verwendung	Letzte Verwendung
Informatik (B. Sc.)	1	2	WiSe 2023/24	SoSe 2024
Technische Informatik (B. Sc.)	1	2	WiSe 2023/24	SoSe 2024
Wirtschaftsinformatik (B. Sc.)	2	4	WiSe 2023/24	SoSe 2024

Miscellaneous

No information

Websecurity