System and Web Security

Lecture and Exercise (Master).

IT-systems are constantly under attack, by various kinds of attackers with diverse interests: criminal organizations with monetary interests, intelligence agencies, industrial espionage by states and companies.

The course covers the most common attack vectors on computer systems, including mobile devices, and the web. These include, for example, stack and heap overflows, format string vulnerabilities, integer overflows, return-oriented-programming, Cross-Site-Scripting (CSS/XSS), SQL Injections, and Cross-Site-Request-Forgery (XSRF), etc.

The course also discusses common defense mechanisms, including, for example, access control mechanisms, address space layout randomization (ASLR), static code analysis, security monitoring, input/output sanitization, prepared statements, etc.


You have to obtain at least 50% of all points in the homework in order to be admitted to the final exam.

The exam will either be a written exam (90 minutes) or an oral exam (30 minutes), depending on the number of participants.


Both the lecture and the exercise are held in English.

This image shows Ralf Küsters

Ralf Küsters

Prof. Dr.

Head of Institute

This image shows Tim Würtele

Tim Würtele


Ph.D. Student

To the top of the page