Certified Professional for Software Architecture (CPSA®)

The CPSA® Advanced Level Module WEBSEC – iSAQB® Training Course in Web Security


Web Security

What is “security”? How to integrate security into your Analysis and Development Lifecycle with a technical focus on web-based systems?

Credit Points for WEBSEC Training Courses

Technological Competence


Methodical Competence


Communicative Competence



CPSA Advanced Level module WEBSEC diagram curriculum content

Content of the module Web Security (WEBSEC)




Secure Development and Design




Web: Technical Foundations


Web: Attack Vectors


Web: Security and Infrastructure

How to integrate security into your Analysis and Development Lifecycle with a technical focus on web-based systems

Security requirements are among the key challenges when designing and developing software. IT systems often have a variety of potential attack points that attackers could successfully exploit (with appropriate effort).

A lack of basic security knowledge, high time pressure or carelessness frequently leads to seemingly small errors, which can then be exploited with fatal consequences in terms of security. Web applications, in particular, often have a potentially large, globally distributed user group with access via the Internet. As a result, the circle of potential attackers grows massively and so, too, does the likelihood of errors being discovered and exploited. In addition, web applications are often the target of automated attack attempts shortly after implementation. Information systems, by contrast, may only be used by the company’s own employees and are thus exposed to other attack scenarios. Finally, embedded systems can now be found almost everywhere, so security issues can have a massive impact, and updates are not always possible in embedded systems.

If you take a look at the most common attack methods, they can usually be prevented by a “clean” architecture and clear communication. This curriculum aims to combine the somewhat academic world of security in software development with common technical practice.

Security cannot be considered independently of the context in which the systems are used. The reference to web applications, information systems, or embedded systems limits the thematic focus and ensures that the relevant information for the security of the respective systems is communicated. The curriculum focuses on web applications, but content about embedded systems or information systems can be inserted at the relevant points instead.

Related Blog Posts


Falk Sippach’s blog post introduces the iSAQB CPSA Advanced certification, detailing the practical and theoretical challenges involved in completing its rigorous project-based exam within three months alongside regular work.

There is a wide range of certificates on offer, yet most certificates and certification procedures are based on a similar process with some comparable variants…

This blog post answers the most important questions about the written part of the iSAQB Advanced Level exam…

Additional Information



Advanced Level – Sample task for the CPSA-A examination task

Sample task “BigSpender” / Topic – Information System

Deutsche Version [pdf]

English Version [pdf]

Curriculum Module WEBSEC – Web Security

Curriculum of the Advanced Level Module WEBSEC with all learning goals and terms for the individual chapters.

English Version [pdf]

Deutsche Version [pdf]
