Web Security Ben Stock

News

23.04.2019

Tutorial Slot

The Doodle has spoken! Thus, the Tutorial will take place every Thursday 8:30 - 10 in the CISPA Lecture Hall.
We will explain topics regarding the current project, answer questions, and if there are any solutions, we will present them to you.
See you all on... Read more

The Doodle has spoken! Thus, the Tutorial will take place every Thursday 8:30 - 10 in the CISPA Lecture Hall.
We will explain topics regarding the current project, answer questions, and if there are any solutions, we will present them to you.
See you all on Wednessday for the Django 101 Lecture.

15.04.2019

Lecture slides online

As part of an experiment I want to run, I have uploaded the slides for Wednesday's lecture so you can take notes on them. I have removed the quiz answers, but feel free to think about them beforehand :)

10.04.2019

Lecture recordings and tutorial date

The information on how lecture recordings can be accessed is available through the CMS at https://cms.cispa.saarland/websec19/4/Lecture_Recordings

The doodle for the tutorial slot is available at https://doodle.com/poll/syfirvezgkku6k7b

Finally, should you... Read more

The information on how lecture recordings can be accessed is available through the CMS at https://cms.cispa.saarland/websec19/4/Lecture_Recordings

The doodle for the tutorial slot is available at https://doodle.com/poll/syfirvezgkku6k7b

Finally, should you decide to not take the course, please let us know so we can unregister you. Due to hardware restrictions, we can only provide 80 VMs and only students enrolled in the CMS will get a VM. For now, there are 75 students signed up for the course.

09.04.2019

First lecture

The first lecture will commence tomorrow at 10:15 in the CISPA lecture hall. If you haven't been to CISPA before, to get to the lecture hall, please turn left when you enter the building and just go straight ahead. 

 

Web Security

After an extensive discussion within the group, we have decided to drop the requirement to successfully pass 50% of the exercise points. Instead, all exercises will be optional, yet we highly suggest you solve them, as the exam will be practical and harder to solve if you have not done the exercises.

The lecture will take place every Wednesday from 10-12, starting April 10th (unless excluded below)

This lecture is an advanced lecture in Web security. At the very least, having taking CySec1/CySec2 or Security will significantly ease taking this course. If you are looking for easy 6CP, this is not the lecture for you. If you want to learn a lot about different aspects of Web Security and understand how flaws can be exploited and fixed and are willing to commit significant effort to a course, this is the right course for you.

Due to hardware limitations, this course can only accommodate up to 60 80 students.

Lectures not taking place

  • 24.4.2019 (Django 101 instead)
  • 3.7.2019

Exams 

  • Main exam: 22.7.2019 10-12
  • Backup exam: 7.10.2019 14-16

Exercises 

After each lecture, we will release exercises. These will typically consist of both theoretical questions and practical problems. For the practical tasks, each person will have their own VM with an installation of Screecher, our social network for owls. This will have new (vulnerable) features added each week, and your job is to a) migrate to the latest version of Screecher each week, b) find and fix the flaws in your installation and c) attack a centralized version of Screecher to steal secret information.

All exercises will be optional, yet we suggest you tackle them. For bragging rights, there will be a scoreboard and regular automated checks to see if your instance is running correctly and unexploited. Also, you have to submit the secret information to get additional points on the scoreboard.



Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators