Web Application Security

The course deals with typical IT security problems of web pages, web applications and web services, and with solutions for them.

It is intended for computer science B.Sc. students who have chosen the focus area IT Security or for interested students who study MCD.


Web pages and applications are exposed to numerous threats. They can, however, be effectively protected by suitable security controls. The course presents the results of the renowned OWASP project (Open Web Application Security Project), which regularly publishes the so-called "Ten Most Critical Web Application Security Risks". This includes attack vectors that exploit the most critical vulnerabilities of web applications. In addition, methods for verifying applications and for proactively using protection controls are provided.

Additional Material

  • Lecture Slides
  • References
    • OWASP Top 10 - 2017
    • OWASP Top 10 Proactive Controls 2016
    • OWASP Application Security Verification Standard