Web Application Security

In this course, we will focus on teaching classical and new security vulnerabilities in web applications: for example injection vulnerabilities, XSS, CSRF, and many more. At the end of this class you will test your knowledge by analyzing the codebase of various frequently-used TUM tools, like TUMLive, NavigaTUM, as well as other open source projects. For more details, see https://www.sec.in.tum.de/i20/teaching/ws2026/web-application-security.

No FCFS until 11.07.2026 14:00; FCFS afterwards.

Update 09.07. 12:30: There was an unintended solution in the qualification challenge, making it way easier than intended. That bug has been fixed now: the only difference is re.match vs. re.fullmatch in app.py, line 14.
Existing qualifications have been reset. Please solve the challenge again. The FCFS deadline has been extended accordingly. People who solved the old challenge have been notified via mail.

Update 09.07. 13:30: There was another problem in the challenge, which has been fixed now. Please redownload the challenge again.
Interested? Solve our qualification challenge, obtain a flag and register below. The challenge is reachable under http://131.159.252.18:3001/.

Registration Form

Valid applications received: 60

The flag you obtained from the qualification challenge
Please use your university e-mail (e.g. @tum.de or @in.tum.de)