Web Security (module BTI-4203)

Goals of this course

This part of the course aims at providing a good overview of a major software security issues: Web Security.
The students will see the most dangerous web securities issues (for instance XSS, XRSF, SQL injection, ...). They know how such flows can be exploited and know how one can protect a site. They have experienced this attacks on example web sites.

Moodle page

Moodle page for this course


The specialisation courses are given on Fridays in Biel, 8:30 - 11:55 and 12:45 - 16:10.
Courses are taught by Hansjürg Wenger, Kai Brünnler, Emmanuel Benoist and Gerhard Hassenstein. The following schedule represents the courses of the Fall Term 2021-2022.
The first half of the semester is for the module BTI-4204 (H. Wenger and G. Hassenstein), the second part for BTI-4203 (E. Benoist and K. Brünler).
Day Contents
24.09.2021 (Morning)H. Wenger
24.09.2021 (Afternoon)G. Hassenstein
01.10.2021 (Morning)H. Wenger
01.10.2021 (Afternoon)G. Hassenstein
08.10.2021 (Morning)H. Wenger
08.10.2021 (Afternoon)G. Hassenstein
15.10.2021 (Morning)H. Wenger
15.10.2021 (Afternoon)G. Hassenstein
22.10.2021 (Morning)H. Wenger
22.10.2021 (Afternoon)G. Hassenstein
29.10.2021 (Morning)H. Wenger
29.10.2021 (Afternoon)G. Hassenstein
05.11.2021 (Morning)H. Wenger
05.11.2021 (Afternoon)G. Hassenstein
12.11.2021 (Morning)K. Bünnler
12.11.2021 (Afternoon)Injections
19.11.2021 (Morning) No course: Bloc week
19.11.2021 (Afternoon) No course: Bloc week
26.11.2021 (Morning)K. Bünnler
26.11.2021 (Afternoon)Broken Access Control
03.12.2021 (Morning)K. Bünnler
03.12.2021 (Afternoon)Identification or Authentication Failures
10.12.2021 (Morning)K. Bünnler
10.12.2021 (Afternoon)Cryptographic failures
17.12.2021 (Morning)K. Bünnler
17.12.2021 (Afternoon)Cross Site Scripting
24.12.2021 (Morning)K. Bünnler
24.12.2021 (Afternoon) No course: Christmas Eve
31.12.2021 (Morning) No course: Weihnachtsferien / Vacances de Noel
31.12.2021 (Afternoon) No course: Weihnachtsferien / Vacances de Noel
07.01.2022 (Morning) No course: Weihnachtsferien / Vacances de Noel
07.01.2022 (Afternoon) No course: Weihnachtsferien / Vacances de Noel
14.01.2022 (Morning)K. Bünnler
14.01.2022 (Afternoon)Audit-Methodology and Risk Analysis
21.01.2022 (Morning) No course: Finaltag
21.01.2022 (Afternoon) No course: Finaltag


This course is part of the module BTI-4203 "Pa" module. Students will pass a written exam (120 minutes for only XML-security and Web-Security (parts taught by E. Benoist and K. Brünler)). This module gives 4 ECTS credits and is part of the Qualification Group C.
This course is also an optional module of the Master of Digital Forensics of the Unil. It counts for 3 ECTS. This module is examinated with an oral exam of 20 minutes.