[ Home ] [ Slides ] [ Examples ] [ Exercises ] [ Resources ]

Web Security

Dr. Emmanuel Benoist,
mail: emmanuel(at)benoist.ch

Homework for the retake examination:
Secure an application for giving the marks at the University

Subject of the Homework

Goals of this course

The students know the most important dangers for Internet Web sites and their users. The students have an overview of the measures to take for programming safe web sites. They can tell which are the basic-principles of Web security.

Module description

Description in English


This lecture takes place during the summer semester.
Date24.04.2012 - 24.04.2012 - Summer Semester
ExamUnknown Date
Room SR 00-007, Geb. 106
B.Sc/M.Sc6 ECTS Credits
ContactArnt Syring (arnt.syring (at) uni-freiburg.de)
Day Contents
24.04.2012Greetings / Presentation of the course
What is a web application? / What is your web application

Exercise draw the map of a given web site.
01.05.2012 No course: 1st of May
08.05.2012Hyper Text Transfer Protocol (Request / Response, HTTP-headers, GET vs. POST)

Exercise: Install a Web server and generate some HTTP Requests
15.05.2012HTTPS, SSL and TLS (PKI, Certificat, double side authentication using a certificat)

Install and configure a Secure Web server and a small Public Key Infrastructure (PKI)
22.05.2012XSS Cross Site Scripting (Javascript, DOM-manipulation)

Exercise: Install a corrupt Guestbook application and implement reflected and stored XSS on it.
29.05.2012 No course: Pfingsten Break
05.06.2012Cross Site Request Forgery

Exercise: Attack the corrupt application using XSS and CSRF
12.06.2012Injection Flows
SQL Injection

Exercise : SQL Injection
19.06.2012Injection Flows
Other Injections (shell script, XML, ...)

Exercise : Shell Script and XML injection
26.06.2012Broken Authentication and Session Management

Exercise: Implement a phishing attack (without using any new site).
03.07.2012Malicious File Execution

Exercise : Malicious File Execution
10.07.2012Insecure Cryptographic Storage and Communications,

Homework: presentation
17.07.2012 Web Security Testing

Other Resources related with this course

Your IP Address is
Copyright Emmanuel Benoist 2008-2013