Module Guide: 6005CEM

This is the course material for the 6005CEM "Security" module.

In this module we look at cyber security from a developer's viewpoint. What are the most common mistakes? What can we do to fix them? How do we avoid ending up in a Hall of Shame somewhere?

Module Team

I currently work with the Institute of Coding, developing materials on Cyber Security. I have also taught on the Ethical Hacking degree and masters courses.

I am a general computer scientist, and have interests in Coding, IoT and embedded systems (or really anything computer based except UX). When it comes to Hacking, I am firmly on the Red Team, and love breaking into systems or taking code apart to see how it works. I love taking part in CTF events, binary mangling and just learning about the cool ways we can misuse software.

If you have any questions, you can:

  • Email Me: (aa9863@coventry.ac.uk)

Module Aims

Module Description

This module introduces students to the concepts and practical considerations of creating and evaluating secure computer systems. Systems will be analysed at both the application level and at the level of interconnected devices in architectures such as client-server and cloud-based, with attention given to security-by-design, security legislation and regulation, and the associated products and services.

In this module we will be looking at the security of computer systems from a computer science viewpoint. We will cover general cyber security concepts, and take a detailed look at some of the issues that can occur during software development.

My Teaching philosophy

While there is a lot of theory to cover, we will be trying to take as practical an approach as possible.

My belief is the best approach to learning is to get your hands dirty and write some code that demonstrates the problem.

Learning Outcomes

  1. Critically evaluate a range of encryption and authentication methods for a given set of requirements.
  2. Utilise systematic knowledge to create secure environments at the host or network level.
  3. Develop and evaluate software that addresses the most common and most severe security concerns.
  4. Critically evaluate the security of an IT ecosystem.

Materials.

All the written material will also be hosted on GitHub. You're here, so you should know that...

Feel free to fork your own copy of the Repository, and update it with your own notes.
If you make any really interesting changes that you feel could be included for next time around, send me a pull request.

Labs

There will be a lot of practical stuff for the labs.

  • You should be comfortable with reading code. My examples will mostly use C, Python and a bit of JavaScript.
  • You should be able to write code, language choice is up to you (but if you do want to use something obscure like BrainF*ck have a chat first)
  • You also really should be comfortable with using version control systems (I prefer Git)

For the practical examples we will mostly be using Linux, with Docker behind the Scenes. I don't expect you to be Linux (or docker) experts, but finding your way around a bash shell would be useful.

Extra Tasks and Materials.

There will also be extra materials or tasks that you can do.
Taking part is optional, but it gives me the chance to introduce concepts that we wouldn't have time for otherwise.

About extra tasks

You don't have to take part, and none of the topics will be assessed (i.e. something set as an Extra task WON'T be directly assessed in the coursework).

However, a wider understanding of the topic isn't a bad thing. You are 3rd year university students, so should be able to discuss where the module fits into the bigger picture (you should be somewhere around "evaluate" and "analyse" in Bloom's Taxonomy). Being able to talk about these wider issues, and see how they fit with the topics in the coursework isn't a bad thing, and should make it easier to get a better grade.

Module Topics

There are three main themes we will be discussing:

Infrastructure

At the start of the course we will focus on security concepts and infrastructure.

  • What are the core concepts behind security?
  • What are the biggest threats in terms of security?
  • Legal and Ethical Requirements
  • How can we help managers make sensible decisions around security?
  • Technical aspects of security. Will a Firewall or AV system save you?
  • How can we developers write better code?

Cryptography

Being able to send messages securely is vital for the web to work. How could we do online shopping or banking without being able to send our details securely?

  • Public Key Encryption and Infrastructure
  • Storing Data securely
  • Implementing PKI in your systems.
  • Session Management and Security.

Development

The Fun part. We will take a look at some real world issues, with a focus on web development. How to break computer systems (and how to fix them)

  • What are the most common developer mistakes?
  • Practical exploitation of Buffer overflows and secure coding
  • Exploiting (and Fixing) Web Application Vulnerabilities such as SQLi, and XSS.

Assessment

The module is 100% coursework, which means no exams. There are two coursework components, each worth 50% of the final module mark.
