Web Engineering & IT Solutions PT

Web Security and IT Governance (E)

level of course unit

second cycle, Master

Learning outcomes of course unit

The following learning outcomes are developed in the course:

- Students have detailed knowledge of security concepts on the client side, server side and on the transport level within web applications.
- Students know the most important cryptographic procedures in theory and practice and can use them specifically in the web environment.
- Students have detailed knowledge of current attack methods and suitable protection mechanisms in different web application areas.
- Students know options for testing web applications for security risks.
- Students know organizational structures and processes for supporting corporate strategy and goals, through IT.
- Students know procedures and standards for IT governance.

prerequisites and co-requisites

not applicable

course contents

The course teaches basic topics in the field of web security. This includes cryptographic procedures, security in transport protocols (HTTPS, SSL and TLS), threats (e.g. code injection, cross-site scripting, cross-site request forgery) and appropriate countermeasures. Using ready-made, prepared web applications (e.g. JuiceShop), students attempt to exploit threats and security holes to gain a better understanding of the security of web applications. Based on these examples, countermeasures for selected threats are discussed (e.g. input validation, prepared statements). Students are also introduced to security problems at network level (e.g. ARP spoofing, denial-of-service attacks, etc.).

In the subject area of IT Governance, students are taught the basics of IT governance. To this end, important processes and organizational structures are discussed so that business and IT can be aligned with each other. Basic terms are discussed, as well as the place of IT governance within corporate governance. Furthermore, frameworks and standards (e.g. COBIT, ITIL) are discussed.

recommended or required reading

- Stuttard, D., Pinto, M.: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws. 2011
- Hoffman, A.: Web Application Security: Exploitation and Countermeasures for Modern Web Applications. 2020
- Eckert, C.: IT-Sicherheit: Konzepte - Verfahren - Protokolle. 2018
- Kern, C., Kesavan, A., Daswani, N.: Foundations of Security: What Every Programmer Needs to Know (Expert's Voice). 2007
- Johannsen, W., Goeken, M.: Referenzmodelle für IT-Governance: Methodische Unterstützung der Unternehmens-IT mit COBIT, ITIL & Co. 2010
- Weill, P., Ross, J.: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. 2004

assessment methods and criteria

Written exam

language of instruction


number of ECTS credits allocated


eLearning quota in percent


course-hours-per-week (chw)


planned learning activities and teaching methods

Lecture, group work, presentation and task discussion

semester/trimester when the course unit is delivered


name of lecturer(s)

Prof. (FH) Lukas Demetz, PhD

year of study


recommended optional program components

not applicable

course unit code


type of course unit

integrated lecture

mode of delivery


work placement(s)

not applicable