Date | 24.04.2012 - 24.04.2012 - Summer Semester |
Exam | Unknown Date |
Room | SR 00-007, Geb. 106 |
Course | 10:00-12:00 |
Exercises | 12:00-14:00 |
B.Sc/M.Sc | 6 ECTS Credits |
Contact | Arnt Syring (arnt.syring (at) uni-freiburg.de) |
Day | Contents |
---|---|
24.04.2012 | Greetings / Presentation of the course. What is a web application? / What is your web application? Exercise: Draw the map of a given web site. |
01.05.2012 | No course: 1st of May |
08.05.2012 | Hypertext Transfer Protocol (Request / Response, HTTP headers, GET vs. POST). Exercise: Install a Web server and generate some HTTP Requests |
15.05.2012 | HTTPS, SSL and TLS (PKI, certificate, mutual authentication using a certificate). Install and configure a Secure Web server and a small Public Key Infrastructure (PKI) |
22.05.2012 | XSS Cross Site Scripting (JavaScript, DOM manipulation). Exercise: Install a corrupt Guestbook application and implement reflected and stored XSS on it. |
29.05.2012 | No course: Pfingsten Break |
05.06.2012 | Cross Site Request Forgery. Exercise: Attack the corrupt application using XSS and CSRF |
12.06.2012 | Injection Flaws: SQL Injection. Exercise: SQL Injection |
19.06.2012 | Injection Flaws: Other Injections (shell script, XML, ...). Exercise: Shell Script and XML injection |
26.06.2012 | Broken Authentication and Session Management. Exercise: Implement a phishing attack (without using any new site). |
03.07.2012 | Malicious File Execution. Exercise: Malicious File Execution |
10.07.2012 | Insecure Cryptographic Storage and Communications. Homework: presentation |
17.07.2012 | Web Security Testing |
24.07.2012 | Homework |