- Open Web Application Security Project (OWASP)
- Injection
- XSS
- Authentication Flaws
- Authorization Flaws
- Cryptographic Failures
- Insecure Dependencies & Configuration
- Software & Data Integrity Failures
- Secure Development Lifecycle
- Fridays, 12:30 - 15:00
- 9 lectures (05.08. - 30.09.22)
- 100% via ZOOM (invite distributed via email/calendar)
- 04.10.2022 (90min)
- 09:15 - 10:45 / Audimax
- ⚠️ Covers topics from both semesters
- ❎ Postponing the exam is discouraged
To perform the exercises on your private computer you need
ℹ️ On the university computers Node.js should already be available. You can verify this by running node -v on the command line. It should display a 14.x (or higher) version.
💻 You can always fall back to your personal laptop for the exercises as it should be free from virtualization, proxying or installation hurdles!
- OWASP: OWASP Top 10 - 2021
- OWASP: OWASP Cheat Sheet Series
- Kimminich: Pwning OWASP Juice Shop, 2022
- Stuttard, Pinto: The Web Application Hacker's Handbook 2, 2011
- Zalewski: The Tangled Web: A Guide to Securing Modern Web Applications, 2011
- Zalewski, Heiderich: Tangled Web - Der Security-Leitfaden für Webentwickler, 2012 (in German)
Curated list of Web Security materials and resources.