IY2S401 - Internet Application Security 01 Sep 2024 - 30 Jul 2030 | Version 0

Associated Module Information

Module Code: IY2S401
Module Title: Internet Application Security
Faculty: Faculty of Computing, Engineering and Science
Faculty Group: Cyber Security
Faculty Sub Group: Cyber Security
Module Leader: Christopher Tubb
Module Team: Ashley Nute, Barbara Hayman, David Reed, Gaynor Davies, Robert James
First Intended Intake: SEP 2024
Final Year of Intake: 2029
Date Closed:
Credit Value: 20
Credit Level: 5
Language: English
Percentage of Module Taught in Welsh: 0
Equivalent Module:
HECOS codes: 100376 - computer and information security; 100956 - programming
HECOS Code Weighting: 50; 50

Document Version Information

Version 0
Valid From 01 Sep 2024
Valid To 30 Jul 2030

Module Aims

The aim of this module is to enable students to develop intermediate knowledge and skills in how to develop secure software and to defend against and account for possible exploitation, and to understand the security vulnerabilities present in the programming practices of web-based applications running on desktop and mobile environments.

Content Summary

Microsoft Azure Web development environment.

    Database as a service (DbaaS).
    API Management.
    Web Application Development Skills.
    SQL queries: secure and insecure.
    Azure/Cloud Vulnerabilities and exploitation (CVE database).
    Securing the Azure/Cloud environment.
    Introduction to advanced web security concepts.

Security Testing of Internet Applications

    Business Logic and Back-End Components Security
    Authentication, Authorization and Session Security
    Common Exploitation Techniques and Vulnerabilities for Internet Applications
    Threat Modelling for Internet Applications
    Securing Internet Applications via Third Party Libraries and Regular Expressions

Learning and Teaching Methods

Activity Type Hours
Lecture 12
Seminars 12
Practical Classes and Workshops 24
Independent Study 75
Direct Study (including online independent learning) 48
Formative Assessment (scheduled) 4
Interdisciplinary Work 10
Problem/Challenge based learning 15
Total Hours Selected 200

Learning Outcomes

# Learning Outcome
LO1 Demonstrate intermediate knowledge and skills in how to develop secure software and to defend against and account for possible exploitation.
LO2 Analyse data and demonstrate knowledge of the security vulnerabilities present in programming practices of web-based applications running on desktop and mobile environments.

Module Requisites

N/A

Assessment Criteria

Assessment Category | Assessment Type | Description | Duration | Word Count | Weight (%) | Best of? | Pass Mark
Asynchronous Assessment | Poster 1 | Students will produce a poster on an internet application security topic. | 0 | 1500 | 40 | No | 40
Asynchronous Assessment | Practical Written Work 1 | Students will write up a piece of practical work that has been undertaken. | 0 | 2000 | 60 | No | 40

Assessment Matrix

Assessment Type Learning Outcomes
LO1 LO2
Poster 1
Practical Written Work 1

Reading List

Essential Reading:

Abbadi, I. M. (2014) Cloud Management and Security, John Wiley & Sons, Incorporated, New York. Available from: ProQuest Ebook Central.

Bass, D. (2018) Beginning Serverless Architectures with Microsoft Azure: Design Scalable Applications and Microservices That Effortlessly Adapt to the Requirements of Your Customers, Packt Publishing, Limited, Birmingham. Available from: ProQuest Ebook Central.

Recommended Reading:

Barnett, R. (2013) The Web Application Defender's Cookbook, Wiley Publishing.

G. Harper and R. Scott McCoy (2017) Security Operations Center Guidebook: A Practical Guide for a Successful SOC, Butterworth-Heinemann, 1st edition.

Munsch, A. & Munsch, P. (2020) The Future of API (Application Programming Interface) Security: The Adoption of APIs for Digital Communications and the Implications for Cyber Security Vulnerabilities. Journal of International Technology and Information Management.

Ram Bermejo Higuera, J. et al. (2021) Combinatorial Method with Static Analysis for Source Code Security in Web Applications. Computer Modeling in Engineering & Sciences.