IY2S507 - Web Applications & Cloud Security 01 Jul 2022 - 31 Aug 2028 | Version 1

Associated Module Information

Module Code: IY2S507
Module Title: Web Applications & Cloud Security
Faculty: Faculty of Computing, Engineering and Science
Faculty Group: Computing and Mathematics
Faculty Sub Group: Cyber Security
Module Leader: Joshua Richards
Module Team: Sharan Johnstone, Rachael Medhurst, Emma Derbi, Beth Jenkins, Andrew Bellamy, Madhu Khurana, Peter Eden, Richard Ward, Arun Kumar, Nisha Rawindaran, Mamoun Qasem, Amar Seeam
First Intended Intake: Final Year of Intake:
Date Closed:
Credit Value: 20 Credit Level: 5
Language: English
Percentage of Module Taught in Welsh: 0
Equivalent Module:
HECOS codes: 100376 - computer and information security 100956 - programming
HECOS Code Weighting: 50 50

Document Version Information

Version 1
Valid From 01 Jul 2022
Valid To 31 Aug 2028

Module Aims

Develop intermediate knowledge and skills on how to develop secure software, defend and account for possible exploitations and

Understand the security vulnerabilities present in programming practices of web-based applications running on desktop and mobile environments.

Content Summary

  • Microsoft Azure Web development environment.
  • Database as a service (DbaaS).
  • API Management.
  • Web application Development Skills.
  • SQL queries secure and insecure.
  • Azure/Cloud Vulnerabilities and exploitation. (CVE database)
  • Securing the Azure/Cloud environment.
  • Introduction to advanced web security concepts.

Learning and Teaching Methods

Activity Type Hours
Lecture 12
Tutorial 12
Practical classes and workshops 24
Independent Study 72
Directed Study 48
Formative Assessment - Scheduled 2
Groupwork 5
Interdisciplinary work 10
Problem / challenge based learning 15
Total Hours Selected 200

Learning Outcomes

# Learning Outcome
LO1 Demonstrate an intermediate knowledge and skills on how to develop secure software, defend and account for possible exploitations
LO2 Analyse data and demonstrate knowledge of the security vulnerabilities present in programming practices of web-based applications running on desktop and mobile environments.

Module Requisites

N/A

Assessment Criteria

Assessment Category Assessment Type Description Duration Word Count Weight (%) Best of? Pass Mark
Asynchronous Assessment Practical Written Work 1 Technical Report 0 1500 50 No 40
Asynchronous Assessment Student Choice 1 Demonstration of the student's working application either via a 10 minute presentation of their code in-situ, or a 10 minute recorded video uploaded to Blackboard based on a standard outline. 10 N/A 50 No 40

Assessment Matrix

Assessment Type Learning Outcomes
LO1 LO2
Practical Written Work 1
Student Choice 1

Reading List

https://rl.talis.com/3/southwales/lists/9AC76475-6C6F-A763-8950-B8EDE6B75540.html?lang=en&login=1

Essential Reading:

Abbadi, IM (2014) Cloud Management and Security, John Wiley & Sons, Incorporated, New York. Available from: ProQuest Ebook Central.

Bass, D (2018), Beginning Serverless Architectures with Microsoft Azure : Design Scalable Applications and Microservices That Effortlessly Adapt to the Requirements of Your Customers, Packt Publishing, Limited, Birmingham. Available from: ProQuest Ebook Central.

Recommended Reading:

G.Harper and R.Scott McCoy.(2017), Security Operations Center Guidebook, A Practical Guide for a Successful SOC, Butterworth-Heinemann; 1st edition

Munsch, A. & Munsch, P. (2020) The Future of API (Application Programming Interface) Security: The Adoption of APIs for Digital Communications and the Implications for Cyber Security Vulnerabilities. Journal of international technology and information management.

Ram Bermejo Higuera, J. et al. (2021) Combinatorial Method with Static Analysis for Source Code Security in Web Applications. Computer modeling in engineering & sciences.