Web Application Security Advanced

Learning objectives

The participants will expand their basic knowledge of web application security topics. They gain an understanding of the additional risks of modern web technologies, the meaning of the Same Origin Policy and also Cross Domain subjects. In addition, the participants will have a closer look at some of the modern authorization and authentication frameworks, which are used nowadays to build single-sign-on solutions.

The exercises will be done on www.hacking-lab.com. Following the course, the lab environment is available to the participants for another monthups.

Demarcation: The course is focussed on the web layer. Nessus, Nmap and Vulnerability Scanning are not included in this course. In addition, the course is the continuation of the foundation course, "Web Application Security Basic".


  • XML Injection Attacks
  • Java Deserialization
  • JSON Hijacking
  • Same Origin Policy
  • Cross-Origin Resource Sharing (CORS)
  • Advanced SQL Injection
  • Web Entry Server & Web Application Firewall
  • HTML5 Attacks
  • AngularJS Security & Best Practices
  • SAML Attacks
  • JOSE (JSON Object Signing and Encryption)
  • OAuth
  • OpenID Connect

                                Target group

                                • Security Officers
                                • Web developers
                                • Graduates of the "Web Application Security Basic” seminar


                                • Familiarity with the Linux command line
                                • Knowledge of the HTTP protocol
                                • Knowledge of the various components of a modern web application
                                • JavaScript, GET/POST, XML, JSON are familiar concepts
                                • Knowledge from the "Web Application Security Basic” seminar


                                      Basel Economic Forum 2019

                                      The Basel Economic Forum is the economic forum for the trinational metropolitan region of Basel and northwestern Switzerland. The 6th event will take... Read more

                                      New: Compass-Training "Internal Network and System Security" in Bern

                                      In the 2-day seminar (in German) from February 11/12, 2020, you will get to know the most important basic concepts of IT security, attack tools and... Read more

                                      KMU Swiss Forum 2020

                                      The association «KMU Swiss» promotes the interaction between companies and specialists. He organises the annual KMU Swiss Forum. The next years motto... Read more

                                      ALL DATES


                                      Vulnerability in totemodata

                                      Fabio Poloni identified an XSS vulnerability in totemodata®. Read more

                                      Gesundheitswesen: Ein leichtes Ziel für Hacker

                                      «Heime & Spitäler» ist das Fachmedium für Entscheidungsträger von Schweizer Heimen und Spitäler. In der aktuellen Ausgabe beschreibt Compass Security... Read more

                                      Vulnerablitity in VeloCloud™

                                      Silas Bärtsch identified a vulnerability in VeloCloud™ (VMware), that allows a VeloCloud standard admin user to access user information of other... Read more


                                      Compass Security Blog

                                      Hacking Tools Cheat Sheet

                                      Everyone knows: cheat sheets are cool! They are very useful if you already know the basics about a topic but you have to look up details when you are not sure about something. mehr

                                      Introducing Web Vulnerabilities into Native Apps

                                      Mobile applications nowadays make heavy use of WebViews in order to render their user interfaces. Frameworks such as PhoneGap / Apache Cordova are even used to implement most of the application's... mehr

                                      ZUM BLOG