Prerequisites:

Important:

Knowledge of HTML/JS, Java and/or Typescript.

Helpful:

Ever heard of:

• XSS (reflected, stored)
• SQL injection
• JSON injection
• XXE
• CORS
• CSP
• path traversal
• JWTs, no-sniff
• Http-only cookies
• HTTP Session fixation
• Data-After-Redirect
• Header injection

Desired working hours:

15-40h/month

Start:

September/October/November... 2021

Tasks:

• Develop target applications for the practical course
  
• Descriptions of the tasks
  
• Contribution of own exploit/vulnerability ideas
  

We offer:

A lot of freedom in task design

contact:

Felix Dörre,
felix.doerre∂kit.edu