Hiwi for web application security

Prerequisites:

Important:

Knowledge of HTML/JS, Java and/or TypeScript.

Helpful:

Ever heard of:

  • XSS (reflected, stored)
  • SQL injection
  • JSON injection
  • XXE
  • CORS
  • CSP
  • path traversal
  • JWTs
  • nosniff
  • HttpOnly cookies
  • HTTP session fixation
  • Data-After-Redirect
  • Header injection

Desired working hours:

15-40h/month

Start:

September/October/November... 2021

Tasks:

  • Develop target applications for the practical course
  • Write the task descriptions
  • Contribute your own exploit/vulnerability ideas

We offer:

A lot of freedom in task design

Contact:

Felix Dörre,
felix.doerre∂kit.edu