Curricular information is subject to change
- Identify key security concepts (assets, requirements, vulnerabilities), threats and attacks to software systems;
- Distinguish the most common classes of vulnerabilities, including architectural flaws and security bugs, in software projects;
- Select countermeasures that could be applied to mitigate vulnerabilities;
- Identify and exploit security vulnerabilities in software projects using security testing;
- Design secure software and develop patches to remove vulnerabilities from existing software projects;
- Specify security and privacy requirements, including compliance with necessary standards and regulations;
- Work in teams, share work fairly and meet the obligations set by the group;
- Be curious about latest security vulnerabilities and patches;
- Actively promote security practices.
Web application development using SpringBoot
Security design flaws
OWASP Top 10 Vulnerabilities;
Security testing: penetration testing, dynamic application security testing, static application security testing, and interactive application security testing;
OWASP Application Security Verification Standard (ASVS);
Secure Development Lifecycle such as the Microsoft Secure Development Lifecycle (SDLC);
SDLC assessment via the Building Security In Maturity Model and the OWASP Software Assurance Maturity Model;
Security requirements specification using adversarial thinking, threat modelling, attack trees and abuse cases.
Student Effort Type | Hours |
---|---|
Practical | 14 |
Specified Learning Activities | 80 |
Autonomous Student Learning | 120 |
Online Learning | 20 |
Total | 234 |
Knowledge of distributed systems
Description | Timing | | Component Scale | | % of Final Grade |
---|---|---|---|---|---|
Continuous Assessment: Journalling activities describing how vulnerabilities can be exploited and prevented. | Throughout the Trimester | n/a | Graded | No | 20 |
Assignment: Implementation of a web application using SpringBoot | Throughout the Trimester | n/a | Graded | Yes | 20 |
Assignment: A report that identifies and describes the vulnerabilities that are present in the web application developed by another team and showcases how these vulnerabilities can be exploited. | Throughout the Trimester | n/a | Graded | Yes | 30 |
Assignment: Implementation of an improved version of the web application developed in Assignment 1, with the objective to remove the vulnerabilities identified by another team in Assignment 2. | Coursework (End of Trimester) | n/a | Graded | Yes | 30 |
Remediation Type | Remediation Timing |
---|---|
In-Module Resit | Prior to relevant Programme Exam Board |
• Feedback individually to students, on an activity or draft prior to summative assessment
• Feedback individually to students, post-assessment
• Group/class feedback, post-assessment
• Peer review activities
The lecturer will provide a variety of feedback strategies. The lecturer will provide students with examples of security testing techniques and strategies to prevent vulnerabilities that the students should apply in their group projects. At the end of each group project, the lecturer will provide written feedback to each group using an instructional rubric. The second group project will be peer-reviewed by a different group of students who will provide written feedback following a given set of assessment criteria.