Web Security (module BTI-4203)

Goals of this course

This part of the course aims at providing a good overview of a major software security issues: Web Security.
The students will see the most dangerous web securities issues (for instance XSS, XRSF, SQL injection, ...). They know how such flows can be exploited and know how one can protect a site. They have experienced this attacks on example web sites.

Moodle page

Moodle page for this course


The specialisation courses are given on Fridays in Biel, 8:20 - 11:55.
Course is taught by Kai Brünnler, Emmanuel Benoist. The following schedule represents the courses of the Fall Term 2022-2023.
Day Contents
22.09.2023 K. Bünnler
29.09.2023 K. Bünnler
06.10.2023 K. Bünnler
13.10.2023 K. Bünnler
20.10.2023 K. Bünnler
27.10.2023 K. Bünnler
03.11.2023 K. Bünnler
10.11.2023 Injections
17.11.2023 No course: Bloc week
24.11.2023 Broken Access Control
01.12.2023 Identification or Authentication Failures
08.12.2023 Cryptographic failures
15.12.2023 Cross Site Scripting
22.12.2023 Emmanuel Benoist - Other OWASP Top 10 problems
29.12.2023 No course: Weihnachtsferien / Vacances de Noel
05.01.2024 No course: Weihnachtsferien / Vacances de Noel
12.01.2024 Audit-Methodology and Risk Analysis
19.01.2024 No course: Finaltag


This course is part of the module BTI-4203 "Pa" module. Students will pass a written exam (120 minutes for only XML-security and Web-Security (parts taught by E. Benoist and K. Brünler)). This module gives 4 ECTS credits and is part of the Qualification Group C.
This course is also an optional module of the Master of Digital Forensics of the Unil. It counts for 3 ECTS. This module is examinated with an oral exam of 20 minutes.