Web Security and IT Governance (E)
level of course unit
second cycle, Master
Learning outcomes of course unit
The following learning outcomes are developed in the course:
- Students have detailed knowledge of security concepts on the client side, server side and on the transport level within web applications.
- Students know the most important cryptographic procedures in theory and practice and can use them specifically in the web environment.
- Students have detailed knowledge of current attack methods and suitable protection mechanisms in different web application areas.
- Students know options for testing web applications for security risks.
- Students know organizational structures and processes for supporting corporate strategy and goals through IT.
- Students know procedures and standards for IT governance.
prerequisites and co-requisites
not applicable
course contents
The course teaches basic topics in the field of web security. This includes cryptographic procedures, security in transport protocols (HTTPS, SSL and TLS), threats (e.g. code injection, cross-site scripting, cross-site request forgery) and appropriate countermeasures. Using ready-made, prepared web applications (e.g. OWASP Juice Shop), students attempt to exploit threats and security holes to gain a better understanding of the security of web applications. Based on these examples, countermeasures for selected threats are discussed (e.g. input validation, prepared statements). Students are also introduced to security problems at the network level (e.g. ARP spoofing, denial-of-service attacks).
In the subject area of IT governance, students are taught the basics of IT governance. To this end, important processes and organizational structures are discussed so that business and IT can be aligned with each other. Basic terms are discussed, as well as the classification of IT governance within corporate governance. Furthermore, frameworks and standards (e.g. COBIT, ITIL) are discussed.
recommended or required reading
- Stuttard, D., Pinto, M.: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. 2011
- Hoffman, A.: Web Application Security: Exploitation and Countermeasures for Modern Web Applications. 2020
- Eckert, C.: IT-Sicherheit: Konzepte - Verfahren - Protokolle. 2018
- Kern, C., Kesavan, A., Daswani, N.: Foundations of Security: What Every Programmer Needs to Know (Expert's Voice). 2007
- Johannsen, W., Goeken, M.: Referenzmodelle für IT-Governance: Methodische Unterstützung der Unternehmens-IT mit COBIT, ITIL & Co. 2010
- Weill, P., Ross, J.: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. 2004
assessment methods and criteria
Written exam
language of instruction
English
number of ECTS credits allocated
3
eLearning quota in percent
15
course-hours-per-week (chw)
2
planned learning activities and teaching methods
Lecture, group work, presentation and task discussion
semester/trimester when the course unit is delivered
4
name of lecturer(s)
Prof. (FH) Lukas Demetz, PhD
year of study
2
recommended optional program components
not applicable
course unit code
DTS.3
type of course unit
integrated lecture
mode of delivery
Compulsory
work placement(s)
not applicable