Web Application Security Advanced

Learning objectives

The participants will expand their basic knowledge of web application security. They gain an understanding of the additional risks introduced by modern web technologies, the meaning of the Same Origin Policy, and cross-domain topics. In addition, the participants will take a closer look at some of the modern authorization and authentication frameworks that are used today to build single sign-on solutions.

The exercises will be done on www.hacking-lab.com. Following the course, the lab environment remains available to the participants for another month.

Demarcation: The course is focused on the web layer. Nessus, Nmap and vulnerability scanning are not included in this course. The course is the continuation of the foundation course "Web Application Security Basic".


  • XML Injection Attacks
  • Java Deserialization
  • JSON Hijacking
  • Same Origin Policy
  • Cross-Origin Resource Sharing (CORS)
  • Advanced SQL Injection
  • Web Entry Server & Web Application Firewall
  • HTML5 Attacks
  • AngularJS Security & Best Practices
  • SAML Attacks
  • JOSE (JSON Object Signing and Encryption)
  • OAuth
  • OpenID Connect

Target group

• Security Officers
• Web developers
• Graduates of the "Web Application Security Basic" seminar

Prerequisites

• Familiarity with the Linux command line
• Knowledge of the HTTP protocol
• Knowledge of the various components of a modern web application
• JavaScript, GET/POST, XML, JSON are familiar concepts
• Knowledge from the "Web Application Security Basic" seminar
