Web Application Security Advanced

Learning objectives

Participants expand their basic knowledge of web application security. They gain an understanding of the additional risks introduced by modern web technologies, of the Same Origin Policy and of cross-domain topics. In addition, participants take a closer look at some of the modern authorization and authentication frameworks that are used today to build single-sign-on solutions.

The exercises are done on www.hacking-lab.com. After the course, the lab environment remains available to participants for another month.

Demarcation: The course focuses on the web layer. Nessus, Nmap and vulnerability scanning are not covered in this course. The course is the continuation of the foundation course "Web Application Security Basic".

Contents

  • XML Injection Attacks
  • Java Deserialization
  • JSON Hijacking
  • Same Origin Policy
  • Cross-Origin Resource Sharing (CORS)
  • Advanced SQL Injection
  • Web Entry Server & Web Application Firewall
  • HTML5 Attacks
  • AngularJS Security & Best Practices
  • SAML Attacks
  • JOSE (JSON Object Signing and Encryption)
  • OAuth
  • OpenID Connect

Target group

  • Security Officers
  • Web developers
  • Graduates of the "Web Application Security Basic" seminar

Prerequisites

  • Familiarity with the Linux command line
  • Knowledge of the HTTP protocol
  • Knowledge of the various components of a modern web application
  • JavaScript, GET/POST, XML and JSON are familiar concepts
  • Knowledge from the "Web Application Security Basic" seminar
