Web Application Security Advanced

June 10/11, 2024, Zurich (in German)

Learning objectives

The participants will expand their basic knowledge of web application security topics. They gain an understanding of the additional risks of modern web technologies, the meaning of the Same Origin Policy and also Cross Domain subjects. In addition, the participants will have a closer look at some of the modern authorization and authentication frameworks, which are used nowadays to build single-sign-on solutions.

The exercises will be done on www.hacking-lab.com. Following the course, the lab environment is available to the participants for another month.

Demarcation: The course is focussed on the web layer. Nessus, Nmap and Vulnerability Scanning are not included in this course. In addition, the course is the continuation of the foundation course, "Web Application Security Basic".


  • Same Origin Policy
  • JSON Security
  • Cross-Origin Resource Sharing (CORS)
  • WebSocket Security
  • Content Security Policy
  • JavaScript Frameworks & Script Gadgets
  • XML External Entity Attacks
  • SAML Attacks
  • JOSE (JSON Object Signing and Encryption) & JWT
  • OAuth
  • OpenID Connect

Target group

  • Security Officers
  • Web developers
  • Graduates of the "Web Application Security Basic" seminar


  • Familiarity with the Linux command line
  • Knowledge of the HTTP protocol
  • Knowledge of the various components of a modern web application
  • Technologies like JavaScript, REST, XML, JSON are familiar concepts
  • Familiar with OWASP Top 10 attacks (like SQL Injection, Cross-Site Scripting etc.)
  • Knowledge from the "Web Application Security Basic" seminar

Important Note 

The course is conducted in the German language.

Course Fees

CHF 2'300.00
CHF 1'950.00 for members of ISSS

Location and Course Hours

Compass Security Schweiz AG
Josefstrasse 53
8005 Zurich

Our courses last from 9.15 to 17.15 with lunch from 12.15 to 13.30 and additional breaks.

Course Administration

Please contact +41 58 510 36 00 or team.csch(at)compass-security.com



The course will definitely take place. Registrations are still possible. 

Terms and Conditions, Compass Trainings (German)
