IY2S401 - Internet Application Security 01 Sep 2024 - 30 Jul 2030 | Version 0
Associated Module Information
| Module Code: | IY2S401 | ||
|---|---|---|---|
| Module Title: | Internet Application Security | ||
| Faculty: | Faculty of Computing, Engineering and Science | ||
| Faculty Group: | Cyber Security | ||
| Faculty Sub Group: | Cyber Security | ||
| Module Leader: | Christopher Tubb | ||
| Module Team: | Ashley Nute, Barbara Hayman, David Reed, Gaynor Davies, Robert James | ||
| First Intended Intake: | SEP 2024 | Final Year of Intake: | 2029 |
| Date Closed: | |||
| Credit Value: | 20 | Credit Level: | 5 |
| Language: | English | ||
| Percentage of Module Taught in Welsh: | 0 | ||
| Equivalent Module: | |||
| HECOS codes: | 100376 - computer and information security | 100956 - programming | |
| HECOS Code Weighting: | 50 | 50 | |
Document Version Information
| Version | 0 |
|---|---|
| Valid From | 01 Sep 2024 |
| Valid To | 30 Jul 2030 |
Module Aims
The aim of this module to enable students to develop intermediate knowledge and skills on how to develop secure software, defend and account for possible exploitations. Understand the security vulnerabilities present in programming practices of web-based applications running on desktop and mobile environments.
Content Summary
Microsoft Azure Web development environment.
Database as a service (DbaaS).
API Management.
Web application Development Skills.
SQL queries secure and insecure.
Azure/Cloud Vulnerabilities and exploitation. (CVE database)
Securing the Azure/Cloud environment.
Introduction to advanced web security concepts.
Security Testing of internet Applications
Business Logic and Back-End Components Security
Authentication, Authorization and Session Security
Common Exploitation Techniques and Vulnerabilities for Internet Applications
Threat Modelling for internet Application
Securing Internet Applications via Third Party Libraries and Regular Expressions
Learning and Teaching Methods
| Activity Type | Hours |
|---|---|
| Lecture | 12 |
| Seminars | 12 |
| Practical Classes and Workshops | 24 |
| Independent Study | 75 |
| Direct Study (including online independent learning) | 48 |
| Formative Assessment (scheduled) | 4 |
| Interdisciplinary Work | 10 |
| Problem/Challenge based learning | 15 |
| Total Hours Selected | 200 |
Learning Outcomes
| # | Learning Outcome |
|---|---|
| LO1 | Demonstrate an intermediate knowledge and skills on how to develop secure software, defend and account for possible exploitations. |
| LO2 | Analyse data and demonstrate knowledge of the security vulnerabilities present in programming practices of web-based applications running on desktop and mobile environments. |
Module Requisites
N/A
Assessment Criteria
| Assessment Category | Assessment Type | Description | Duration | Word Count | Weight (%) | Best of? | Pass Mark |
|---|---|---|---|---|---|---|---|
| Asynchronous Assessment | Poster 1 | Students will produce a poster on an internet application security topic. | 0 | 1500 | 40 | No | 40 |
| Asynchronous Assessment | Practical Written Work 1 | Students will write up a piece of practical work that has been undertaken | 0 | 2000 | 60 | No | 40 |
Assessment Matrix
| Assessment Type | Learning Outcomes | ||
|---|---|---|---|
| LO1 | LO2 | ||
| Poster 1 | ✔ | ✔ | |
| Practical Written Work 1 | ✔ | ✔ | |