Web Application Security Advanced

Learning objectives

The participants will expand their basic knowledge of web application security topics. They gain an understanding of the additional risks of modern web technologies, the meaning of the Same Origin Policy and also Cross Domain subjects. In addition, the participants will have a closer look at some of the modern authorization and authentication frameworks, which are used nowadays to build single-sign-on solutions.

The exercises will be done on www.hacking-lab.com. Following the course, the lab environment is available to the participants for another monthups.

Demarcation: The course is focussed on the web layer. Nessus, Nmap and Vulnerability Scanning are not included in this course. In addition, the course is the continuation of the foundation course, "Web Application Security Basic".


  • Same Origin Policy
  • JSON Security
  • Cross-Origin Resource Sharing (CORS)
  • WebsSocket Security
  • Content Security Policy
  • JavaScript Frameworks & Script Gadgets
  • XML External Entity Attacks
  • SAML Attacks
  • JOSE (JSON Object Signing and Encryption) & JWT
  • OAuth
  • OpenID Connect

Target group

  • Security Officers
  • Web developers
  • Graduates of the "Web Application Security Basic” seminar


  • Familiarity with the Linux command line
  • Knowledge of the HTTP protocol
  • Knowledge of the various components of a modern web application
  • Technologies like JavaScript, REST, XML, JSON are familiar concepts
  • Familiar with OWASP Top 10 attacks (like SQL Injection, Cross-Site Scripting etc.)
  • Knowledge from the "Web Application Security Basic” seminar