Web Security and IT Governance (E)
Level
second cycle, Master
Learning outcomes of the courses/module
The following learning outcomes are developed in the course:
- Students have detailed knowledge of security concepts on the client side, server side and on the transport level within web applications.
- Students know the most important cryptographic procedures in theory and practice and can use them specifically in the web environment.
- Students have detailed knowledge of current attack methods and suitable protection mechanisms in different web application areas.
- Students know options for testing web applications for security risks.
- Students know organizational structures and processes for supporting corporate strategy and goals, through IT.
- Students know procedures and standards for IT governance.
Prerequisites for the course
not applicable
Course content
The course teaches the fundamentals of web security. This includes cryptographic procedures, security in transport protocols (HTTPS, SSL and TLS), threats (e.g. code injection, cross-site scripting, cross-site request forgery) and appropriate countermeasures. Using ready-made, deliberately vulnerable web applications (e.g. JuiceShop), students attempt to exploit vulnerabilities themselves to gain a better understanding of web application security. Based on these examples, countermeasures for selected threats are discussed (e.g. input validation, prepared statements). Students are also introduced to security problems at the network level (e.g. ARP spoofing, denial-of-service attacks).
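As an added illustration of the injection threat and the prepared-statement countermeasure named above (this example is not part of the course material or of any of the listed applications), the following Python snippet builds a constructed in-memory SQLite user table and compares a login check that concatenates user input into SQL with one that passes the same input as bound parameters. The table contents, the `login_*` function names and the injection payloads are all assumptions made for the demonstration; the allow-list check at the end stands in for the "input validation" the course mentions as a complementary measure.

```python
import re
import sqlite3

# Constructed sample data: two users with plaintext passwords.
# (Only for the demonstration; a real application stores password hashes.)
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory SQLite database populated with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Bound parameters even here: the countermeasure applies to every statement.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: attacker-controlled text is spliced into the SQL.

    A password of  ' OR '1'='1  turns the WHERE clause into
    (username = 'alice' AND password = '') OR '1'='1', which matches every row.
    A username of  alice'--  comments out the password check entirely.
    """
    query = (
        "SELECT id FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_prepared(conn, username, password):
    """Hardened: the statement is fixed, the values are bound as parameters.

    The database driver never parses the user input as SQL, so a quote or a
    comment sequence inside it is just part of the compared string.
    """
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Assumed allow-list for usernames: letters, digits, underscore, 3-32 characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def valid_username(username):
    """Input validation as defence in depth, not as a replacement for binding."""
    return USERNAME_RE.fullmatch(username) is not None


def demo():
    """Run both login variants against constructed inputs and report the results."""
    conn = make_db()
    cases = {
        "legit": ("alice", "s3cret"),
        "wrong_password": ("alice", "nope"),
        "tautology_in_password": ("alice", "' OR '1'='1"),
        "comment_in_username": ("alice'--", "anything"),
    }
    results = {}
    for name, (user, pw) in cases.items():
        results[name] = {
            "vulnerable": login_vulnerable(conn, user, pw),
            "prepared": login_prepared(conn, user, pw),
            "username_valid": valid_username(user),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:24} {outcome}")
```

The two payloads succeed only against `login_vulnerable`; with bound parameters they are compared literally and fail, and the allow-list additionally rejects the quoted username before it ever reaches the database.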
In the subject area of IT Governance, students are taught the basics of IT governance. To this end, the key processes and organizational structures by which business and IT are aligned with each other are discussed. Basic terms are introduced, as is the place of IT governance within corporate governance. Furthermore, frameworks and standards (e.g. COBIT, ITIL) are discussed.
Recommended specialist literature
- Stuttard, D., Pinto, M.: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. 2011
- Hoffman, A.: Web Application Security: Exploitation and Countermeasures for Modern Web Applications. 2020
- Eckert, C.: IT-Sicherheit: Konzepte - Verfahren - Protokolle. 2018
- Kern, C., Kesavan, A., Daswani, N.: Foundations of Security: What Every Programmer Needs to Know (Expert's Voice). 2007
- Johannsen, W., Goeken, M.: Referenzmodelle für IT-Governance: Methodische Unterstützung der Unternehmens-IT mit COBIT, ITIL & Co. 2010
- Weill, P., Ross, J.: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. 2004
Assessment methods and criteria
Written exam
Language
English
Number of ECTS credits awarded
3
Share of e-learning in %
15
Semester hours per week
2.0
Planned teaching and learning method
Lecture, group work, presentation and task discussion
Semester/trimester in which the course/module is offered
2
Name of lecturer
Prof. (FH) Lukas Demetz, PhD
Academic year
2
Key figure of the course/module
DTS.3
Type of course/module
integrated lecture
Type of course
Compulsory
Internship(s)
not applicable