Security requirements are among the key challenges when designing and developing software. There are often a variety of potential attack points in IT systems that could be success­fully exploited by potential attackers (with appro­priate effort).

The lack of basic knowledge on security, high time pressure or carelessness frequently leads to seemingly small errors, which can then be exploited with fatal conse­quences in terms of security. Web appli­ca­tions, in parti­cular, often have a poten­tially large, globally distri­buted user group with access via the Internet. As a result of this, the circle of attackers increases massively and so, too, does the likelihood of errors being disco­vered and exploited. In addition, web appli­ca­tions are often victims of automated attack attempts shortly after imple­men­tation. Information systems may only be used by the company’s own employees and are thus exposed to other attack scenarios. After all, embedded systems can now be found almost every­where, so security issues can have a massive impact. Updates are not always possible in embedded systems.

If you take a look at the most common attack methods, they can usually be prevented by a “clean” architecture and clear commu­ni­cation. This curri­culum aims to combine the somewhat academic world of security in software develo­pment with common technical practice.

Security cannot be consi­dered independently of the context in which the systems are used. The reference to web appli­ca­tions, information systems, or embedded systems limits the thematic focus and ensures that the relevant information for the security of the respective systems is commu­ni­cated. The curri­culum focuses on web appli­ca­tions, but content about embedded systems or information systems can be inserted at the relevant points instead.