| Date | 24.04.2012 - 24.04.2012 - Summer Semester |
| Exam | Unknown Date |
| Room | SR 00-007, Geb. 106 |
| Course | 10:00-12:00 |
| Exercises | 12:00-14:00 |
| B.Sc/M.Sc | 6 ECTS Credits |
| Contact | Arnt Syring (arnt.syring (at) uni-freiburg.de) |

| Day | Contents |
|---|---|
| 24.04.2012 | Greetings / Presentation of the course. What is a web application? / What is your web application? Exercise: Draw the map of a given web site. |
| 01.05.2012 | No course: 1st of May |
| 08.05.2012 | Hyper Text Transfer Protocol (Request / Response, HTTP headers, GET vs. POST). Exercise: Install a web server and generate some HTTP requests. |
| 15.05.2012 | HTTPS, SSL and TLS (PKI, certificates, two-sided authentication using a certificate). Exercise: Install and configure a secure web server and a small Public Key Infrastructure (PKI). |
| 22.05.2012 | XSS: Cross Site Scripting (JavaScript, DOM manipulation). Exercise: Install a corrupt Guestbook application and implement reflected and stored XSS on it. |
| 29.05.2012 | No course: Pentecost break |
| 05.06.2012 | Cross Site Request Forgery. Exercise: Attack the corrupt application using XSS and CSRF. |
| 12.06.2012 | Injection Flaws: SQL Injection. Exercise: SQL Injection. |
| 19.06.2012 | Injection Flaws: Other Injections (shell script, XML, ...). Exercise: Shell Script and XML Injection. |
| 26.06.2012 | Broken Authentication and Session Management. Exercise: Implement a phishing attack (without using any new site). |
| 03.07.2012 | Malicious File Execution. Exercise: Malicious File Execution. |
| 10.07.2012 | Insecure Cryptographic Storage and Communications. Homework: presentation. |
| 17.07.2012 | Web Security Testing |
| 24.07.2012 | Homework |