
CW1: Security Audit

Assessment brief

Submission Information

Handout Date: 20th September 2021
Due Date: 3rd December 2021
Estimated Effort: 20 Hours
Percentage of Module Mark: 50%

ILOs Assessed

  • 1. Critically evaluate a range of encryption and authentication methods for a given set of requirements.
  • 4. Critically evaluate the security of an IT ecosystem.

Task and Mark Distribution

In this coursework you are required to perform a security audit of a computer system and write a report on the results of the audit.

You will have access to a copy of the system and its source code; you can find details on the learning platform.

The Audit

You will need to perform an audit to find potential flaws in the system. You are free to choose appropriate method(s) for the audit process. This can include (and is not limited to):

  • Code Review
  • Use of Automated tools
    • Fuzzing
    • Automated Code Review

While you are free to use any appropriate method for the audit, you will be expected to justify the decision: why are the approaches chosen appropriate for the audit process, and what are the benefits and drawbacks of the audit methods chosen?

The Report

You are expected to write a report suitable for a technical audience.

The report should describe the process used to audit the system, and discuss any security issues found.

It is expected that the report will contain:

  • A description of the Audit method(s) used.
    • Methods used, and Justification.
  • Brief Description of any issues found, and an assessment of their seriousness
    • Overview and description of ALL vulnerabilities found in the system.
  • Detailed description of ONE issue.
    • What is the problem
    • How Severe is the problem
    • Any Suggestions for mitigation.
  • It is expected you make use of the supporting literature, and relevant citations, to support your findings.

Report Structure

A suggested structure for the report would be:

  • Introduction
  • Audit Method(s)
    • Description and justification for the Audit methods chosen.
  • Audit Results
    • Summary of results from code audit.
    • Summary of security vulnerabilities discovered.
  • Discussion of chosen vulnerability
    • Detailed description of a single vulnerability
  • Conclusions

Submission Instructions

Please submit your final report in PDF format, via the submission link.

Marking Scheme

Component Marks
Introduction and Conclusions 10
Audit Methods 25
Audit Results 25
Discussion of Vulnerability 30
Report Structure 10

Marking Matrix

Grade Mark Description
No submission 0 No work submitted
Fail 0-25 Clear failure demonstrating little understanding of relevant theories, concepts and issues. Minimal evidence of research and use of established methodologies and incomplete knowledge of the area. Serious and fundamental errors and aspects missing. No evidence of research.
Near Fail 25-39 Very limited understanding of relevant theories, concepts and issues. Little evidence of research and use of established methodologies. Some relevant material will be present. Deficiencies evident in analysis. Fundamental errors and some misunderstanding likely to be present.
Pass 40-49 Meets the learning outcomes with a basic understanding of relevant theories, concepts and issues. Demonstrates an understanding of knowledge and subject-specific theories sufficient to deal with concepts. Assessment may be incomplete and with some errors. Research scope sufficient to evidence use of some established methodologies. Some irrelevant material likely to be present.
2:2 50-59 Good understanding of relevant theories, concepts and issues with some critical analysis. Research undertaken accurately using established methodologies, enquiry beyond that recommended may be present. Some errors may be present and some inclusion of irrelevant material. Good understanding, with evidence of breadth and depth, of knowledge and subject-specific theories with indications of originality and autonomy.
2:1 60-69 Very good work demonstrating strong understanding of theories, concepts and issues with clear critical analysis. Thorough research, using established methodologies accurately, beyond the recommended minimum with little, if any, irrelevant material present. Very good understanding, evidencing breadth and depth, of knowledge and subject-specific theories with some originality and autonomy.
First 70-79 Excellent work with clear evidence of understanding, creativity and critical/analytical skills. Thorough research well beyond the minimum recommended using methodologies beyond the usual range. Excellent understanding of knowledge and subject-specific theories with evidence of considerable originality and autonomy.
Outstanding 80-90 Outstanding work with high degree of understanding, creativity and critical/analytical skills. Outstanding understanding of knowledge and subject-specific theories. Evidence of outstanding research well beyond minimum recommended using a range of methodologies. Demonstrates creative flair, originality and autonomy.
Exceptional 90-100 Exceptional work with very high degree of understanding, creativity and critical/analytic skills. Evidence of exceptional research well beyond minimum recommended using a range of methodologies. Exceptional understanding of knowledge and subject-specific theories. Demonstrates creative flair, a high degree of originality and autonomy.