Web Security Ben Stock

News

12.06.2019

Better late than after..

The preliminary slides are online :-)

29.05.2019

Exercise Sheet 7

You can now find the newest exercise sheet in the CMS. As always: Have fun and see you next week!
29.05.2019

Lecture slides, tutorial, and slight delay in exercise sheets

Due to both Marius and myself being on a trip yesterday (and today for Marius), the preliminary slides have only just been uploaded. 

Also due to this, there will be a slight delay in releasing the exercises (most likely still today, though).

Finally, as... Read more

Due to both Marius and myself being on a trip yesterday (and today for Marius), the preliminary slides have only just been uploaded. 

Also due to this, there will be a slight delay in releasing the exercises (most likely still today, though).

Finally, as tomorrow is a public holiday, there will not be a tutorial. The solutions for the sheet from last week will be presented alongside those of this next in the tutorial on June 6th.

13.05.2019

Alternative Lecture Slot for this Wednesday (15-05-2019)

According to the preliminary results of the Doodle, the lecture will take place at the 12-14 timeslot in the CISPA lecture hall.
For those who can not attend, we will supply the recordings of the lecture as soon as possible. 
In addition to that, the preliminary... Read more

According to the preliminary results of the Doodle, the lecture will take place at the 12-14 timeslot in the CISPA lecture hall.
For those who can not attend, we will supply the recordings of the lecture as soon as possible. 
In addition to that, the preliminary for the lecture is already available in the materials section.

13.05.2019

Alternative Lecture Slot for this Wednesday (15-05-2019)

Due to a short notice event, the lecture hall in CISPA is unavailable at our usual timeslot.
Since we want to provide you with the recording of the lecture and the real lecture experience, we need to reschedule the lecture to one slot earlier/later.
Please fill... Read more

Due to a short notice event, the lecture hall in CISPA is unavailable at our usual timeslot.
Since we want to provide you with the recording of the lecture and the real lecture experience, we need to reschedule the lecture to one slot earlier/later.
Please fill out the following Doodle such that we know which timeframe suits you most.
Deadline: 14.05.2019 (tomorrow) 12:00
https://doodle.com/poll/fqxbva6q2xevursd

09.05.2019

Exercise Sheet 4 online; no Tutorial today

You can now find the new exercise sheet in the materials section of the CMS. As discussed yesterday in the Lecture, there will be no Tutorial today since we have no undiscussed sheet left. If there happen to be questions concerning past exercises/lecture... Read more
You can now find the new exercise sheet in the materials section of the CMS. As discussed yesterday in the Lecture, there will be no Tutorial today since we have no undiscussed sheet left. If there happen to be questions concerning past exercises/lecture content, please refer to the Askbot. As always: have fun with the new exercises!
02.05.2019

Gitlab Registration

Apparently, some folks registered in our Gitlab which was not intended, we also disabled registration altogether now.

You can login with your CMS username and your secret displayed in the CMS as password, there will be a project called screecher waiting for... Read more

Apparently, some folks registered in our Gitlab which was not intended, we also disabled registration altogether now.

You can login with your CMS username and your secret displayed in the CMS as password, there will be a project called screecher waiting for you.

Any self-registered account will not work for our projects. 

01.05.2019

Tutorial Tomorow

Tomorrow we will have the first regular Tutorial in CISPA's lecture hall starting at 8:30. We will discuss the past project, but as usual you can ask questions to previous contents of the lecture.
24.04.2019

Changes to Exercise Sheet 3

In some cases, the ssh config which you should use to clone the GitLab is not working. If so, add the 'IdentityFile ~/.ssh/websec19' to your ssh config. The exercise sheet has been updated accordingly.
24.04.2019

Exercise Sheet is online!

Exercise Sheet 3 as well as the solution for Exercise Sheet 2 are online now.

In addition to that all parts of the infrastructure which you need for this exercise sheet should work fine.

Have Fun!

23.04.2019

Tutorial Slot

The Doodle has spoken! Thus, the Tutorial will take place every Thursday 8:30 - 10 in the CISPA Lecture Hall.
We will explain topics regarding the current project, answer questions, and if there are any solutions, we will present them to you.
See you all on... Read more

The Doodle has spoken! Thus, the Tutorial will take place every Thursday 8:30 - 10 in the CISPA Lecture Hall.
We will explain topics regarding the current project, answer questions, and if there are any solutions, we will present them to you.
See you all on Wednessday for the Django 101 Lecture.

15.04.2019

Lecture slides online

As part of an experiment I want to run, I have uploaded the slides for Wednesday's lecture so you can take notes on them. I have removed the quiz answers, but feel free to think about them beforehand :)

10.04.2019

Lecture recordings and tutorial date

The information on how lecture recordings can be accessed is available through the CMS at https://cms.cispa.saarland/websec19/4/Lecture_Recordings

The doodle for the tutorial slot is available at https://doodle.com/poll/syfirvezgkku6k7b

Finally, should you... Read more

The information on how lecture recordings can be accessed is available through the CMS at https://cms.cispa.saarland/websec19/4/Lecture_Recordings

The doodle for the tutorial slot is available at https://doodle.com/poll/syfirvezgkku6k7b

Finally, should you decide to not take the course, please let us know so we can unregister you. Due to hardware restrictions, we can only provide 80 VMs and only students enrolled in the CMS will get a VM. For now, there are 75 students signed up for the course.

09.04.2019

First lecture

The first lecture will commence tomorrow at 10:15 in the CISPA lecture hall. If you haven't been to CISPA before, to get to the lecture hall, please turn left when you enter the building and just go straight ahead. 

Show all
 

Web Security

After an extensive discussion within the group, we have decided to drop the requirement to successfully pass 50% of the exercise points. Instead, all exercises will be optional, yet we highly suggest you solve them, as the exam will be practical and harder to solve if you have not done the exercises.

The lecture will take place every Wednesday from 10-12, starting April 10th (unless excluded below)

This lecture is an advanced lecture in Web security. At the very least, having taking CySec1/CySec2 or Security will significantly ease taking this course. If you are looking for easy 6CP, this is not the lecture for you. If you want to learn a lot about different aspects of Web Security and understand how flaws can be exploited and fixed and are willing to commit significant effort to a course, this is the right course for you.

Due to hardware limitations, this course can only accommodate up to 60 80 students.

Lectures not taking place

  • 24.4.2019 (Django 101 instead)
  • 3.7.2019

Exams 

  • Main exam: 22.7.2019 10-12
  • Backup exam: 7.10.2019 14-16

Exercises 

After each lecture, we will release exercises. These will typically consist of both theoretical questions and practical problems. For the practical tasks, each person will have their own VM with an installation of Screecher, our social network for owls. This will have new (vulnerable) features added each week, and your job is to a) migrate to the latest version of Screecher each week, b) find and fix the flaws in your installation and c) attack a centralized version of Screecher to steal secret information.

All exercises will be optional, yet we suggest you tackle them. For bragging rights, there will be a scoreboard and regular automated checks to see if your instance is running correctly and unexploited. Also, you have to submit the secret information to get additional points on the scoreboard.



Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators