Web Communication & Information Systems PT

Web Security

level of course unit

second cycle, Master

Learning outcomes of course unit

Once this course has been completed the students will have detailed knowledge of security concepts on the client and server sides and on the transport level for web applications.
The students will learn about the most important cryptographic processes both in theory and practice and will be able to apply these specifically in a web environment. Continuing from there, the students will acquire detailed knowledge of current methods of attack and how to avoid them in various web application areas (e.g. e-commerce).

prerequisites and co-requisites

not applicable

course contents

In this integrated course, instruction is given in the basics of security on the web as follows: cryptographic processes; security in transport protocols (HTTPS, SSL and TLS; PKI, certificates, ...); installation and configuration of a secure web server; security concepts in website programming (cross-site scripting (XSS), JavaScript, DOM manipulation); cross-site request forgery; injection flaws; SQL injection; other injections (shell script, XML, ...); insecure authentication and session management; TCP/IP security-relevant topics (spoofing, hijacking, sequence number guessing, denial-of-service attacks, ...)

recommended or required reading

- Andre Wussow: Web Security Programmierhandbuch, entwickler.Press, 1st edition, ISBN-10: 3939084514, 700 pages, 2009;
- Christoph Kern, Anita Kesavan, Neil Daswani: Foundations of Security: What Every Programmer Needs to Know (Expert's Voice), Apress, 1st edition, 2007, ISBN-10: 1590597842, 320 pages;
- Peter Mell, Karen Scarfone, Sasha Romanosky: A Complete Guide to the Common Vulnerability Scoring System Version 2.0;

assessment methods and criteria

final examination

language of instruction


number of ECTS credits allocated


course-hours-per-week (chw)


planned learning activities and teaching methods

Lecture, group work, presentation and task discussion

semester/trimester when the course unit is delivered


name of lecturer(s)

Mandy Balthasar_nbl, BA, MSc

year of study


recommended optional program components

not applicable

course unit code


type of course unit

compulsory (integrated lecture)

mode of delivery

In-class course

work placement(s)

not applicable