Module overview
This module will teach the principles of security in web and cloud based systems and how these principles apply in a range of different applications.
Linked modules
Pre-requisites: ELEC1204 OR COMP1202
Aims and Objectives
Learning Outcomes
Subject Specific Practical Skills
Having successfully completed this module you will be able to:
- Perform a security assessment for an organisation as part of a team
- Use examples of security penetration testing tools
- Secure development of web applications
Subject Specific Intellectual and Research Skills
Having successfully completed this module you will be able to:
- Critically analyse Web and Cloud based systems for security problems
- Critically analyse Web based systems for security problems
- Recognise and discuss examples of cyber security vulnerabilities
Transferable and Generic Skills
Having successfully completed this module you will be able to:
- Communicate effectively on a broad range of issues with security professionals
Knowledge and Understanding
Having successfully completed this module, you will be able to demonstrate knowledge and understanding of:
- The core technical elements of web and cloud based security systems
- The current trends in cyber security; threats, their importance, and why they are hard to face
- Cyber security frameworks, standards and best practices, and how to apply these within an organisation
Syllabus
Web based security
- Web applications and systems
- Penetration testing
- OWASP
- Vulnerabilities and exploitation
- Security of database applications
- Injection attacks, cross-site scripting - Server configuration
Cloud based security
- Virtualisation - hypervisor security and data protection
- Cloud services – vulnerabilities and protection
- Secure designs for cloud architecture
- Standards, governance and compliance for cloud based infrastructures
Secure web development :
- client-side and server-side protection
- protecting against injection attacks
- implementing authentication and access control
- techniques for ensuring data privacy
- cross-site scripting
- guarding against third-party component vulnerabilities - building a secure API
Learning and Teaching
Teaching and learning methods
.
| Type | Hours |
|---|---|
| Completion of assessment task | 70 |
| Preparation for scheduled sessions | 9 |
| Wider reading or practice | 26 |
| Follow-up work | 9 |
| Lecture | 36 |
| Total study time | 150 |
Resources & Reading list
Internet Resources
Assessment
Summative
This is how we’ll formally assess what you have learned in this module.
| Method | Percentage contribution |
|---|---|
| Coursework | 50% |
| Coursework | 50% |
Referral
This is how we’ll assess you if you don’t meet the criteria to pass this module.
| Method | Percentage contribution |
|---|---|
| Set Task | 100% |
Repeat
An internal repeat is where you take all of your modules again, including any you passed. An external repeat is where you only re-take the modules you failed.
| Method | Percentage contribution |
|---|---|
| Set Task | 100% |
Repeat Information
Repeat type: Internal & External