
Web Security and IT Governance (E)

Niveau

second cycle, Master

Learning outcomes of the courses/module

The following learning outcomes are developed in the course:
- Students have detailed knowledge of security concepts on the client side, the server side and at the transport level of web applications.
- Students know the most important cryptographic procedures in theory and practice and can apply them specifically in the web environment.
- Students have detailed knowledge of current attack methods and suitable protection mechanisms in different web application areas.
- Students know options for testing web applications for security risks.
- Students know organizational structures and processes for supporting corporate strategy and goals through IT.
- Students know procedures and standards for IT governance.

Prerequisites for the course

not applicable

Course content

The course teaches the basic topics of web security. These include cryptographic procedures, security in transport protocols (HTTPS, SSL and TLS), threats (e.g. code injection, cross-site scripting, cross-site request forgery) and appropriate countermeasures. Using ready-made, prepared web applications (e.g. JuiceShop), students attempt to exploit threats and security holes in order to gain a better understanding of web application security. Based on these examples, countermeasures for selected threats are discussed (e.g. input validation, prepared statements). Students are also introduced to security problems at the network level (e.g. ARP spoofing, denial-of-service attacks).

In the subject area of IT governance, students are taught the basics of IT governance. To this end, important processes and organizational structures are discussed so that business and IT can be aligned with each other. Basic terms are covered, as is the place of IT governance within corporate governance. Furthermore, frameworks and standards (e.g. COBIT, ITIL) are discussed.
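The pairing of "code injection" with "prepared statements" and "input validation" above is the core web-security lesson of the course. The following is an added illustration, not part of the course materials or of JuiceShop: a login query built by string concatenation, the same query as a parameterized (prepared) statement, and a simple allowlist check on the e-mail field. The table, the two user rows and the plaintext passwords are constructed for the demo only (a real application stores password hashes).

```python
import re
import sqlite3

# Constructed sample data for the demonstration; plaintext passwords are
# used only so the query logic is visible, never in a real application.
SAMPLE_USERS = [
    ("admin@example.com", "s3cret"),
    ("jim@example.com", "ncc-1701"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (email, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str):
    """Deliberately injectable: user input is spliced into the SQL text.

    Returns the matched e-mail or None. The input
    "' OR 1=1--" as e-mail turns the WHERE clause into
    "email = '' OR 1=1" and comments out the password check, so the first
    row (the admin) is returned regardless of the password.
    """
    sql = (
        "SELECT email FROM users WHERE email = '"
        + email
        + "' AND password = '"
        + password
        + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_prepared(conn: sqlite3.Connection, email: str, password: str):
    """Same query as a prepared statement.

    The SQL text is fixed; the driver passes the values separately, so a
    quote or comment marker in the input is just data, never syntax.
    """
    sql = "SELECT email FROM users WHERE email = ? AND password = ?"
    row = conn.execute(sql, (email, password)).fetchone()
    return row[0] if row else None


# Allowlist validation for the e-mail field: defence in depth, not a
# substitute for parameterized queries (the regex is a deliberately simple
# assumption for the demo, not a full RFC 5322 check).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def validate_email(email: str) -> bool:
    """Return True only for input that looks like a plain e-mail address."""
    return bool(EMAIL_RE.fullmatch(email))


def login_hardened(conn: sqlite3.Connection, email: str, password: str):
    """Validation first, then the prepared statement."""
    if not validate_email(email):
        return None
    return login_prepared(conn, email, password)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1--"
    print("vulnerable:", login_vulnerable(db, payload, "wrong"))  # admin@example.com
    print("prepared:  ", login_prepared(db, payload, "wrong"))    # None
    print("hardened:  ", login_hardened(db, payload, "wrong"))    # None
    print("legit:     ", login_hardened(db, "jim@example.com", "ncc-1701"))
```

Running the block shows the injected e-mail logging in as the first user through the concatenated query, while the prepared statement and the validated path both reject it; the legitimate credentials still work on every path. The same pattern (fixed SQL text, values bound separately) is what "prepared statements" means in any other database driver.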

Recommended specialist literature

- Stuttard, D., Pinto, M.: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. 2011
- Hoffman, A.: Web Application Security: Exploitation and Countermeasures for Modern Web Applications. 2020
- Eckert, C.: IT-Sicherheit: Konzepte - Verfahren - Protokolle. 2018
- Kern, C., Kesavan, A., Daswani, N.: Foundations of Security: What Every Programmer Needs to Know (Expert's Voice). 2007
- Johannsen, W., Goeken, M.: Referenzmodelle für IT-Governance: Methodische Unterstützung der Unternehmens-IT mit COBIT, ITIL & Co. 2010
- Weill, P., Ross, J.: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. 2004

Assessment methods and criteria

Written exam

Language

English

Number of ECTS credits awarded

3

Share of e-learning in %

15

Semester hours per week

2.0

Planned teaching and learning method

Lecture, group work, presentation and task discussion

Semester/trimester in which the course/module is offered

2

Name of lecturer

Prof. (FH) Lukas Demetz, PhD

Academic year

2

Key figure of the course/module

DTS.3

Type of course/module

integrated lecture

Type of course

Compulsory

Internship(s)

not applicable