advanced web security
master course // summer
The lecture covers web security in depth. The security and privacy of web applications and browsers are analysed on the basis of current research results. Core browser mechanisms and advanced attack techniques are examined, for example:
- DOM clobbering is an attack technique in which seemingly harmless HTML markup injected into a page (for example elements with attacker-chosen `id` or `name` attributes) overrides global JavaScript variables and so changes how the page's own scripts behave, without injecting a single line of JavaScript.
- Content Security Policy (CSP) is like a bouncer for a website: via an HTTP header the site declares which scripts, images and other resources the browser may load, which mitigates cross-site scripting as long as the policy is strict enough.
- XS-Leaks are side channels that leak information across origins despite the same-origin policy, one of the browser's central defences. The same-origin policy is meant to stop one site from reading data belonging to another site the user is logged in to; XS-Leaks observe indirect signals (timing, error events, frame counts) to infer that data anyway.
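As an added example, not part of the lecture material: a small auditor for a Content-Security-Policy header value, written as a Node script. It parses directives the way a browser does (the first occurrence of a directive wins, fetch directives fall back to `default-src`) and flags the weaknesses that let injected markup execute script. The two sample policies at the bottom are constructed.

```javascript
// Added example: audit a Content-Security-Policy header value for the
// weaknesses that undermine its XSS protection. Not lecture code.

function parseCsp(header) {
  const policy = new Map();
  for (const chunk of header.split(';')) {
    const tokens = chunk.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive and keep the first one.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Fetch directives such as script-src and object-src fall back to default-src.
// Returns null when nothing restricts the resource type at all.
function effectiveSources(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (policy.has('default-src')) return policy.get('default-src');
  return null;
}

function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];

  const scripts = effectiveSources(policy, 'script-src');
  if (scripts === null) {
    findings.push('no script-src and no default-src: scripts may load from anywhere');
  } else {
    const hasNonceOrHash = scripts.some((s) => /^'(nonce-|sha(256|384|512)-)/i.test(s));
    const strictDynamic = scripts.includes("'strict-dynamic'");
    // With a nonce or hash present, CSP level 2+ browsers ignore 'unsafe-inline'.
    if (scripts.includes("'unsafe-inline'") && !hasNonceOrHash) {
      findings.push("script-src allows 'unsafe-inline': injected inline scripts execute");
    }
    if (scripts.includes("'unsafe-eval'")) {
      findings.push("script-src allows 'unsafe-eval': eval() of injected strings executes");
    }
    // 'strict-dynamic' makes host allowlists irrelevant; otherwise look for
    // wildcard sources that let an attacker load a script from any host.
    if (!strictDynamic) {
      for (const s of scripts) {
        if (s === '*' || /^https?:$/.test(s) || /^https?:\/\/\*\/?$/.test(s)) {
          findings.push(`script-src allows scripts from any host via ${s}`);
        }
      }
    }
  }

  // Without object-src 'none', a plugin object (or the default-src fallback)
  // can still run attacker-controlled code even when script-src is strict.
  const objects = effectiveSources(policy, 'object-src');
  if (!(objects && objects.length === 1 && objects[0] === "'none'")) {
    findings.push("object-src is not 'none': plugin content can execute script");
  }
  // base-uri does not fall back to default-src; without it an injected <base>
  // tag redirects relative script URLs to an attacker's host.
  if (!policy.has('base-uri')) {
    findings.push('base-uri missing: an injected <base> tag can hijack relative script URLs');
  }
  return findings;
}

// Constructed sample policies: one typical weak allowlist, one strict nonce-based policy.
const weakPolicy = "default-src 'self'; script-src 'self' 'unsafe-inline' *; img-src *";
const strictPolicy = "script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'; base-uri 'none'";

console.log(auditCsp(weakPolicy));   // four findings
console.log(auditCsp(strictPolicy)); // []
```

Run it against a site's actual header with `auditCsp(response.headers['content-security-policy'])`; the point of the strict policy is that a nonce plus `'strict-dynamic'` removes the host allowlist entirely, so an attacker who can inject markup has no script source left to use.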
We then look at the security of modern web authentication and authorisation protocols. These include, among others:
- OAuth is a widely used protocol for delegated authorisation and is employed today by all major websites such as Facebook, Google, Twitter, GitHub and others. The lecture explains it in depth, together with the common errors and attacks that occur when using OAuth.
- OpenID Connect is an extension of OAuth for authenticating users on websites with the help of a third-party provider (for example single sign-on such as “Sign in with Google”). In recent years, OpenID Connect has established itself as the de facto standard for web logins via third-party providers. The lecture explains in detail how it differs from OAuth and which attacks on OpenID Connect are possible. You can put your exploitation skills to the test in the practical exercises. Can we take over the victim’s account?
- SAML (Security Assertion Markup Language) is a single sign-on standard widely used in enterprise scenarios. Nevertheless, there are numerous attacks on it, ranging from identity theft to remote code execution.