60015

Network and Web Security

Module aims

In this module you will have the opportunity to gain a broad knowledge of network and web security from the network to the application layer. The emphasis of the course is both on the underlying principles and techniques, and on examples of how such principles are applied in practice.

Learning outcomes

Upon successful completion of this module you will be able to:

• evaluate main threats, attack techniques and defences relevant to cybersecurity and network security
• analyse web applications in order to identify vulnerabilities
• propose countermeasures to address vulnerabilities
• design secure web applications by leveraging security principles

Module syllabus

• Cybersecurity overview
• Threat analysis and bug finding
• Internet security
• Server­side security
• Client-side security
• Secure Web Sessions
• Emerging security standards
• Online Privacy issues  

Teaching methods

The material will be taught through traditional lectures, in-class demos and additional guest lectures by experts from cybersecurity companies with presence in the UK. There are additional scheduled laboratory sessions where you will practice concepts learned during the lectures. These will be supervised by Graduate Teaching Assistants (GTAs) and the lecturers. There will also be additional in-class tutorials where you will work through unassessed, formative exercises designed to reinforce your understanding of the material taught.

An online service will be used as a discussion forum for the module. 

Assessments

There will be one coursework that contributes 20% of the mark for the module. There will be a final written exam, which counts for the remaining 80% of the marks. The final exam will take place in the computer labs, where you will answer traditional questions designed to test the theoretical aspects taught and also perform practical security-relevant exercises on dedicated virtual machines.  

Verbal feedback will be provided via the GTAs and lecturers during the scheduled laboratory hours and also the in-class tutorial exercises. You will also receive detailed feedback on the coursework submission.        

Reading list

Supplementary 

• Professional penetration testing : creating and learning in a hacking lab /

  Wilhelm, Thomas.

  2nd ed., Syngress an imprint of Elsevier

• Professional penetration testing : creating and learning in a hacking lab

  Wilhelm Thomas

  2nd ed., Syngress

• Threat modeling : designing for security / [electronic resource]

  Shostack, Adam,

  Wiley; John Wiley and Sons

• The tangled web : a guide to securing modern web applications /

  Zalewski, Michal.

  No Starch Press

• The web application hacker's handbook : finding and exploiting security flaws /

  Stuttard, Dafydd,

  2nd ed., Wiley

Module leaders

Dr Sergio Maffeis