Session: 2022/23
Last modified: 10/01/2023 10:45:11
Title of Module: Web Application Security Testing |
---|
Code: COMP09109 |
SCQF Level: 9 (Scottish Credit and Qualifications Framework) |
Credit Points: 20 |
ECTS: 10 (European Credit Transfer Scheme) |
---|
School: | School of Computing, Engineering and Physical Sciences |
---|
Module Co-ordinator: | Althaff Mohideen |
---|
Summary of Module |
---|
The aim of the module is to provide advanced web application testing and ethical hacking practice, giving students an understanding of web application vulnerabilities, including their causes and consequences, as well as the methodologies for testing and how to protect applications.
Undertaking this module will develop a range of graduate attributes, including knowledge of the principles behind the techniques used to create secure web applications. Sourcing, reviewing and applying current best practices will develop critical thinking and analytical skills.
|
Module Delivery Method |
---|
Face-To-Face | Blended | Fully Online | HybridC | HybridO | Work-based Learning |
|  | | | | |
Face-To-Face
Term used to describe the traditional classroom environment where the students and the lecturer meet synchronously in the same room for the whole provision.
Blended
A mode of delivery of a module or a programme that involves online and face-to-face delivery of learning, teaching and assessment activities, student support and feedback. A programme may be considered “blended” if it includes a combination of face-to-face, online and blended modules. If an online programme has any compulsory face-to-face and campus elements it must be described as blended with clearly articulated delivery information to manage student expectations
Fully Online
Instruction that is solely delivered by web-based or internet-based technologies. This term is used to describe the previously used terms distance learning and e learning.
HybridC
Online with mandatory face-to-face learning on Campus
HybridO
Online with optional face-to-face learning on Campus
Work-based Learning
Learning activities where the main location for the learning experience is in the workplace.
|
Term(s) for Module Delivery |
---|
(Provided viable student numbers permit).
|
Term 1 | | Term 2 |  | Term 3 | |
Learning Outcomes: (maximum of 5 statements) |
---|
On successful completion of this module the student will be able to:
L1.
demonstrate a critical understanding of legal risks of web application testing;
L2.
demonstrate an understanding of Secure Web Architectures;
L3.
develop scripting skills and use a variety of tools to undertake rigorous analysis of the vulnerability;
L4.
develop skills to discover and exploit vulnerability in web applications;
L5.
recommend measures to improve security of web applications; |
Employability Skills and Personal Development Planning (PDP) Skills |
---|
SCQF Headings |
During completion of this module, there will be an opportunity to achieve
core skills in:
|
---|
Knowledge and Understanding (K and U) |
SCQF Level 9.
A detailed understanding of the architecture of web applications, protection schemes for web applications, and cryptography for web applications. |
Practice: Applied Knowledge and Understanding |
SCQF Level 9.
The ability to use a variety of tools to discover and analyse the vulnerability of web applications. |
Generic Cognitive skills |
SCQF Level 9.
Systematic planning and undertaking of testing and hacking. |
Communication, ICT and Numeracy Skills |
SCQF Level 9.
Effective use of a variety of tools. Analytic skills in identifying the weaknesses and vulnerability of systems. Report writing and presentation skills. |
Autonomy, Accountability and Working with others |
SCQF Level 9.
Teamwork skills. |
* Indicates that module descriptor is not published.
Learning and Teaching |
---|
Learning and teaching will be delivered through a variety of mechanisms, including lectures, seminars, practical sessions, case studies and group projects. |
Learning Activities During completion of this module, the learning activities undertaken to
achieve the module learning outcomes are stated below:
| Student Learning Hours (Normally totalling 200 hours): (Note: Learning hours include both contact hours and hours spent on other learning activities) |
Lecture/Core Content Delivery | 12 |
Tutorial/Synchronous Support Activity | 12 |
Laboratory/Practical Demonstration/Workshop | 24 |
Independent Study | 152 |
| 200 Hours Total
|
**Indicative Resources: (eg. Core text, journals, internet access)
|
---|
The following materials form essential underpinning for the module content
and ultimately for the learning outcomes:
Andreu, A. (2006) Professional Pen Testing for Web Applications (Programmer to Programmer). (1st Edition). Wrox
Najera-Gutierrez, G. and Ansari, J.A. (2018) Web Penetration Testing with Kali Linux - Third Edition: Explore the methods and tools of ethical hacking with Kali Linux Paperback. (3rd Edition) Packt Publishing
Harper, A., Eagle, C., Ness, J., Harris, S., Spasojevic, B., Regalado, D., Linn, R. and Sims, S. (2011) Grey Hat Hacking (4th Edition). McGraw-Hill.
Erikson, E. (2008) Hacking: The Art Of Exploitation. No Starch Press.
Internet access to Moodle to allow student access to all teaching material, including slides, tutorials, coursework and lab sheets for the practical aspects of the syllabus.
A suitably equipped lab.
|
(**N.B. Although reading lists should include current publications,
students are advised (particularly for material marked with an asterisk*) to
wait until the start of session for confirmation of the most up-to-date
material)
|
Engagement Requirements |
---|
In line with the Academic Engagement Procedure, Students are defined as academically engaged if they are regularly engaged with timetabled teaching sessions, course-related learning resources including those in the Library and on the relevant learning platform, and complete assessments and submit these on time. Please refer to the Academic Engagement Procedure at the following link: Academic engagement procedure |
Supplemental Information
Programme Board | Computing |
---|
Assessment Results (Pass/Fail) |
No
|
---|
Subject Panel | Business & Applied Computing |
---|
Moderator | Zeeshan Pervez |
---|
External Examiner | M Davis |
---|
Accreditation Details | |
---|
Version Number | 1.05 |
---|
Assessment: (also refer to Assessment Outcomes Grids below) |
---|
Practical Coursework (60%) |
Research-based Project (40%). |
(N.B. (i) Assessment Outcomes Grids for the module
(one for each component) can be found below which clearly demonstrate how the learning outcomes of the module
will be assessed.
(ii) An indicative schedule listing approximate times
within the academic calendar when assessment is likely to feature will be
provided within the Student Handbook.)
|
Assessment Outcome Grids (Footnote A.)
Footnotes
A. Referred to within Assessment Section above
B. Identified in the Learning Outcome Section above
Note(s):
- More than one assessment method can be used to assess individual learning outcomes.
- Schools are responsible for determining student contact hours. Please refer to University Policy on contact hours (extract contained within section 10 of the Module Descriptor guidance note).
This will normally be variable across Schools, dependent on Programmes &/or Professional requirements.
|
Equality and Diversity |
---|
This module is suitable for any student. The assessment regime will be applied flexibly so that a student who can attain the practical outcomes of the module will not be disadvantaged. When a student discloses a disability, or if a tutor is concerned about a student, the tutor in consultation with the School Enabling Support co-ordinator will agree the appropriate adjustments to be made. UWS Equality and Diversity Policy |
(N.B. Every effort
will be made by the University to accommodate any equality and diversity issues
brought to the attention of the School)
|