IY2S554 - Internet Applications Security 01 Jul 2022 - 31 Aug 2028 | Version 1
Associated Module Information
| Module Code: | IY2S554 | ||
|---|---|---|---|
| Module Title: | Internet Applications Security | ||
| Faculty: | Faculty of Computing, Engineering and Science | ||
| Faculty Group: | Cyber Security | ||
| Faculty Sub Group: | Cyber Security | ||
| Module Leader: | Arun Kumar | ||
| Module Team: | Peter Eden, Richard Ward, Sharan Johnstone, Christopher Manley, Christopher Tubb, Andrew Bellamy, Madhu Khurana, Emma Derbi, Joshua Richards, Beth Jenkins, Rachael Medhurst, Nisha Rawindaran, Mamoun Qasem, Chelsea Cooper | ||
| First Intended Intake: | SEP 2022 | Final Year of Intake: | 2027 |
| Date Closed: | |||
| Credit Value: | 20 | Credit Level: | 5 |
| Language: | English | ||
| Percentage of Module Taught in Welsh: | 0 | ||
| Equivalent Module: | |||
| HECOS codes: | 100376 - computer and information security | ||
| HECOS Code Weighting: | 100 | ||
Document Version Information
| Version | 1 |
|---|---|
| Valid From | 01 Jul 2022 |
| Valid To | 31 Aug 2028 |
Module Aims
- To understand how to develop secure software, defend and account for possible exploitations.
- Understand the security vulnerabilities present in programming practices of internet applications running on the desktop and mobile environments.
- Understanding the importance of good testing strategies and the ability to comprehend and fix flaws within existing internet applications
Content Summary
- Internet Application Technologies
- Common Web Development Languages (e.g Python/HTML5/PHP/JavaScript)
- Security Development Lifecycle
- OWASP Software Assurance Maturity Model
- Security Testing of internet Applications
- Business Logic and Back-End Components Security
- Authentication, Authorization and Session Security
- Common Exploitation Techniques and Vulnerabilities for Internet Applications
- Threat Modelling for internet Application
- Securing Internet Applications via Third Party Libraries and Regular Expressions
Learning and Teaching Methods
| Activity Type | Hours |
|---|---|
| Practical classes and workshops | 48 |
| Independent Study | 80 |
| Directed Study | 72 |
| Total Hours Selected | 200 |
Learning Outcomes
| # | Learning Outcome |
|---|---|
| LO1 | To apply the student’s ability to develop secure internet application principals |
| LO2 | Demonstrate knowledge, comprehension and discernment in how to prevent exploitation of internet applications |
Module Requisites
N/A
Assessment Criteria
| Assessment Category | Assessment Type | Description | Duration | Word Count | Weight (%) | Best of? | Pass Mark |
|---|---|---|---|---|---|---|---|
| Asynchronous Assessment | Report 2 | Demonstrate a practical and theoretical understanding of the development of secure internet applications and good security practices. | 0 | 3000 | 60 | No | 40 |
| Asynchronous Assessment | Report 1 | Demonstrate a practical and theoretical understanding of the development of secure internet applications and good security practices. | 0 | 2000 | 40 | No | 40 |
Assessment Matrix
| Assessment Type | Learning Outcomes | ||
|---|---|---|---|
| LO1 | LO2 | ||
| Report 2 | ✔ | ✔ | |
| Report 1 | ✔ | ✔ | |