Skip to content

WEBSEC – Web Security


Web Security

What is “security”? How to integrate security into your Analysis and Develo­pment Lifecycle with a technical focus on web-based systems?

Credit Points for WEBSEC Training Courses

Techno­lo­gical Competence


Metho­dical Competence


Commu­ni­cative Competence



CPSA Advanced Level module WEBSEC diagram curriculum content

Content of the module Web Security (WEBSEC)




Secure Develo­pment and Design




Web: Technical Foundations


Web: Attack Vectors


Web: Security and Infrastructure

How to integrate security into your Analysis and Develo­pment Lifecycle with a technical focus on web-based systems

Security requirements are among the key challenges when designing and developing software. There are often a variety of potential attack points in IT systems that could be success­fully exploited by potential attackers (with appro­priate effort).

The lack of basic knowledge on security, high time pressure or carelessness frequently leads to seemingly small errors, which can then be exploited with fatal conse­quences in terms of security. Web appli­ca­tions, in parti­cular, often have a poten­tially large, globally distri­buted user group with access via the Internet. As a result of this, the circle of attackers increases massively and so, too, does the likelihood of errors being disco­vered and exploited. In addition, web appli­ca­tions are often victims of automated attack attempts shortly after imple­men­tation. Information systems may only be used by the company’s own employees and are thus exposed to other attack scenarios. After all, embedded systems can now be found almost every­where, so security issues can have a massive impact. Updates are not always possible in embedded systems.

If you take a look at the most common attack methods, they can usually be prevented by a “clean” architecture and clear commu­ni­cation. This curri­culum aims to combine the somewhat academic world of security in software develo­pment with common technical practice.

Security cannot be consi­dered independently of the context in which the systems are used. The reference to web appli­ca­tions, information systems, or embedded systems limits the thematic focus and ensures that the relevant information for the security of the respective systems is commu­ni­cated. The curri­culum focuses on web appli­ca­tions, but content about embedded systems or information systems can be inserted at the relevant points instead.

Blog Articles about WEBSEC

There are currently no blog posts for this topic. Please check out our Blog for other articles.

Additional Information

Frequently Asked Questions

There are currently no FAQs for this topic. Please check out our FAQ page for more FAQs.


Curri­culum Module WEBSEC – Web Security

Curri­culum of the Advanced Level Module WEBSEC with all learning goals and terms for the individual chapters.

English Version [pdf]

Deutsche Version [pdf]

Stay Up-To-Date with the iSAQB® Newsletter!

Scroll To Top