
Module Guide

Aims and Summary

The Internet allowed computers, devices and people across the world to interact, revolutionising people's lives and whole industries, and shaping the future of technology. The most visible part of the Internet is the World Wide Web, and today most people use the Internet exclusively to access this aspect. The same connectivity that has driven advances in computing and communication technology, however, allows attackers to scan and exploit services remotely, with a whole host of methods to remain anonymous. This module aims to equip students with skills and knowledge around Web security, including protocols, digital certificates and authentication, session management, stealing and manipulating cookies, as well as methods of protecting web applications.

Learning Outcomes

The intended learning outcomes are that, on this module, the student should be able to:

  1. Interact with the protocols that define the World Wide Web
  2. Demonstrate practical knowledge of digital certification and TLS
  3. Perform a security audit of a web application
  4. Recommend security measures to protect web applications

Hours

  • Laboratory: 13
  • Lecture: 13

Topics

A rough guide to the weekly topics is below:

Note

This is the expected delivery of the module. However, topics may change depending on our progress throughout the year (or if something interesting comes up).

| Week | Topic |
|------|-------|
| 1 | Introduction, HTTP Basics |
| 2 | Sessions and Cookies |
| 3 | Pentesting Websites |
| 4 | Indexing and Recon (Active) |
| 5 | Indexing and Recon (Passive) |
| 6 | OWASP Top 10 overview |
| 7 | OWASP: XSS |
| 8 | OWASP: SQLi |
| 9 | OWASP: SSTI |
| 10 | Developing Secure Web |
| 11 | TLS / SSL |
| 12 | Revision |
| 13 | Revision |

Assessment

This module is assessed through 100% coursework.

To pass the module you must get a score of 40% or greater.

| Component | Description | Learning Outcomes | Submission Date |
|-----------|-------------|-------------------|-----------------|
| CW | Security Audit | 1, 2, 3, 4 | Week 11 |

CW: Web application security audit. The report will be up to 2000 words.
