WEB APPLICATION SECURITY

SHE Level 4
SCQF Credit Points 20.00
ECTS Credit Points 10.00
Module Code MHI124570
Module Leader Kenneth Ovens
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • B (January start)

Pre-Requisite Knowledge

Ethical Hacking or equivalent.

Summary of Content

Web application vulnerabilities can pose serious problems for the security of an organisation and of its clients. The aim of this module is to give students an understanding of the most prevalent web application vulnerabilities, their causes and consequences, the methodologies used to test applications for evidence of these vulnerabilities, and the measures that protect against them. Students apply ethical hacking techniques to discover and exploit vulnerabilities in web applications. They use tools in this process and critically analyse the role those tools play in the discovery of vulnerabilities, and they critically evaluate security breaches that stem from vulnerabilities in web applications. The module is designed to give students the structured knowledge needed to discover vulnerabilities, recommend solutions for improving web application security, and protect data from potential attackers.

Syllabus

  • Stuttard, D. and Pinto, M. (2011) The Web Application Hacker's Handbook, 2nd ed., John Wiley & Sons, Inc.
  • Zalewski, M. (2011) The Tangled Web: A Guide to Securing Modern Web Applications, No Starch Press
  • Clarke, J. (2009) SQL Injection Attacks and Defense, Syngress
  • EC-Council (2010) Ethical Hacking and Countermeasures: Series, EC-Council
  • Harper, A. et al. (2011) Gray Hat Hacking: The Ethical Hacker's Handbook, McGraw-Hill
  • Heiderich, M. (2010) Web Application Obfuscation, Syngress
  • Oriyano, S.P. (2011) Client-Side Attacks and Defense, Syngress
  • Wilhelm, T. (2009) Professional Penetration Testing, Syngress
  • OWASP (2014) Testing Guide 4.0. Available from: https://www.owasp.org/images/1/19/OTGv4.pdf

Learning Outcomes

On successful completion of this module a student should be able to:
  • Critically appraise common web application vulnerabilities.
  • Discuss the implications of common vulnerabilities and recommend ways to rectify or mitigate them.
  • Utilise appropriate penetration testing tools for a given scenario and understand their output.
  • Understand the approaches and methodologies used when performing a penetration test.
  • Implement a penetration testing strategy to identify and analyse web application vulnerabilities.
  • Exploit common vulnerabilities in web applications.

Teaching / Learning Strategy

This module will be taught by means of lectures, seminars/tutorials, and practical exercises. Students are directed to study appropriate texts and articles, both paper based and web based, to consolidate their knowledge of the topics covered. Assessment of learning outcomes will consist of reports from practical exercises and a final exam. GCULearn will also be used to provide access to a range of relevant learning resources and materials that enhance the teaching strategy, including:
  • Interactive multimedia content, including video tutorials from industry experts, games, and quizzes, which addresses a variety of learning styles and helps to stimulate learning and increase knowledge retention.
  • Activities and lab exercises that reinforce learning.
  • Links to articles and websites for enhanced learning on specific topics.
  • Quizzes and exams to check students' understanding of the information covered.
During all laboratory and tutorial sessions students will receive formative feedback on their performance in undertaking the exercises. Summative feedback can be obtained for the coursework and the final written exam undertaken as part of the module.

Indicative Reading

  • Stuttard, D. and Pinto, M. (2011) The Web Application Hacker's Handbook, 2nd ed., John Wiley & Sons, Inc.
  • Zalewski, M. (2011) The Tangled Web: A Guide to Securing Modern Web Applications, No Starch Press
  • Clarke, J. (2009) SQL Injection Attacks and Defense, Syngress
  • EC-Council (2010) Ethical Hacking and Countermeasures: Series, EC-Council

Transferrable Skills

  • C1 - Logical thinking and problem solving.
  • C2 - Critical analysis.
  • D1 - Communication skills (electronic, written, oral and listening) necessary to make effective presentations of a technical nature (information, ideas, problems and their solutions) to a range of audiences.
  • E2 - Creativity, innovation and independent thinking.
  • E6 - Ability to prioritise tasks and time management (organising and planning work).

Module Structure

Activity                    Total Hours
Lectures (FT)                     24.00
Tutorials (FT)                    12.00
Practicals (FT)                   24.00
Independent Learning (FT)        120.00
Assessment (FT)                   20.00

Assessment Methods

Component             Duration (hours)   Weighting (%)   Threshold   Description
Exam (Exams Office)   2.00               50.00           35%         Unseen written exam
Coursework 1          2.00               50.00           35%         Lab exam