Teaching programme
- Master Lecture Advanced Web Security
- Lecture: Fridays 10-2 pm (FL 05a, IT-Cluster 3)
- Master's seminar on computer science: Web and Data Security
- Date/Place: Mondays 12-2 pm (FE 00.01)
- Moodle course SS26
Lecture contents
This course covers the topic of data security. We will explore current topics in data security that have been published at the most prestigious IT security conferences (A*, A).
This course has a strong hands-on component: we will implement and test most of the attacks ourselves and examine various systems for vulnerabilities.
For this purpose we will use, among other tools, the specially developed eHacking Platform.
The course provides a comprehensive overview of web security. It examines the security and privacy of web applications and browsers based on current research findings. To this end, core components and advanced attack techniques that reflect the current state of research will be analyzed. These include, for example:
- An introduction to modern web security architectures. In particular, we will explore the web attacker model.
- Web crawling is a key technique in current web security research for automatically exploring a large number of unknown websites. In the course, we will develop a web crawler that must find various CTF flags within a random maze.
- DNS and DoH (DNS over HTTPS) are the foundation of the modern web. We will examine current research in this area and learn about a new attack technique: XSS-over-DoH.
- OAuth is a widely used technology for delegating permissions and is currently employed by all major websites such as Facebook, Google, Twitter, GitHub, etc. The lecture explains in-depth details and common errors/attacks that can arise when using OAuth.
- OpenID Connect is an extension of OAuth designed to authenticate users on websites using a third-party provider (e.g., via single sign-on methods like “Sign in with Google”). In recent years, OpenID Connect has established itself as the de facto standard for web logins via third-party providers. The lecture explains in detail how it differs from OAuth and what attacks are possible against OpenID Connect. In the hands-on exercises, you can put your exploit skills to the test. Can we take over the victim’s account?
- Other modern web authentication methods, such as SAML (Security Assertion Markup Language) or Passkeys, are becoming widely used on the internet. However, numerous attacks exist targeting these systems, ranging from identity theft to remote code execution. Using these methods as examples, students will learn security best practices and will be able to independently evaluate the security of these systems.
The lecture deals with the topic of data security. Unlike SSL/TLS, which establishes a secure transport channel, this lecture is about protecting data directly.
As part of the lecture, various data security technologies are examined, for example:
- JSON is a universal data description language that is supported by every modern browser, among other things. JSON messages can be protected directly with the help of JSON signature and JSON encryption. But is this enough or can these security mechanisms be bypassed?
- REST is a very widespread technology that allows data to be accessed over the internet via HTTP. It is used not only by all major websites such as Facebook, Google and GitHub, but also in the IoT. The lecture explains in-depth details and common errors/attacks based on the latest scientific findings and industry recommendations such as the OWASP API Top 10.
- XML is one of the oldest description languages for structured data and is still used in countless systems today. "It's just XML. What can probably go wrong?" is one of the most famous quotes from the Python XML library defusedxml. The answer to this question is examined in detail in the lecture: from denial-of-service vulnerabilities to local file inclusion and remote code execution. XML is the Swiss army knife of every penetration tester.
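As an added illustration of the defensive side of the XML bullet above (not code from the course or from defusedxml): a small parser wrapper on the standard library's expat bindings that refuses any DOCTYPE, entity declaration or external entity reference, so that documents shaped like entity-expansion or external-entity payloads are rejected before they are processed. The two sample documents are constructed here.

```python
import xml.parsers.expat


class UnsafeXmlError(ValueError):
    """Raised when a document carries DTD constructs we refuse to process."""


def parse_without_dtd(xml_bytes: bytes) -> dict:
    """Parse XML with expat, rejecting DOCTYPE/entity constructs outright.

    Returns a flat {tag: text} mapping of elements that carry text,
    enough to show which documents get through and which are refused.
    """
    parser = xml.parsers.expat.ParserCreate()
    leaves: dict = {}
    text: list = []

    # Exceptions raised inside expat handlers propagate out of Parse().
    def refuse_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE '{name}' not allowed")

    def refuse_entity(name, is_pe, value, base, sysid, pubid, notation):
        raise UnsafeXmlError(f"entity declaration '{name}' not allowed")

    def refuse_external(context, base, sysid, pubid):
        raise UnsafeXmlError(f"external entity '{sysid}' not allowed")

    def start(tag, attrs):
        text.clear()

    def end(tag):
        value = "".join(text).strip()
        if value:
            leaves[tag] = value
        text.clear()

    parser.StartDoctypeDeclHandler = refuse_doctype
    parser.EntityDeclHandler = refuse_entity
    parser.ExternalEntityRefHandler = refuse_external
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    parser.Parse(xml_bytes, True)
    return leaves


# Constructed sample: a plain document with no DTD, which should parse.
BENIGN = b"<invoice><id>4711</id><total>19.99</total></invoice>"

# Constructed sample: an internal DTD with chained entities (the shape of an
# entity-expansion DoS) and an external entity (the shape of XXE). Refused.
DTD_DOC = (b'<?xml version="1.0"?>\n'
           b'<!DOCTYPE invoice [\n'
           b'  <!ENTITY a "aaaa">\n'
           b'  <!ENTITY b "&a;&a;&a;&a;">\n'
           b'  <!ENTITY ext SYSTEM "file:///constructed/path">\n'
           b']>\n'
           b'<invoice><id>&b;</id><note>&ext;</note></invoice>')


def is_accepted(xml_bytes: bytes) -> bool:
    """True if the document parses under the no-DTD policy, False if refused."""
    try:
        parse_without_dtd(xml_bytes)
        return True
    except UnsafeXmlError:
        return False
```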
The knowledge learnt is then transferred to various document formats. Examples include:
- Office documents such as OOXML (Microsoft) or ODF (LibreOffice) are essentially zipped XML documents. They also support additional features such as digital signatures or encryption. Students learn more about this core component of our digitalisation with a focus on its security.
- PDF is probably the most widely used universal document exchange format. Firstly, we refute the widespread opinion that PDFs are merely boring, static documents and use various so-called "interactive features" to develop attacks. The lecture then examines the security properties of PDFs. In particular, digital signatures, which are used in contracts, for example, will be analysed. Will we be able to forge an invoice signed by Amazon so that it becomes a refund of over 1 trillion euros while its signature still validates?