SCQF Level: 09
Module Code: CMP319
Credit Value: 20
Term: Term 1
School: School of Arts, Media and Games
This module develops a critical understanding of advanced techniques used by Ethical Hackers to examine the security of web applications and mobile devices.
The aim of this module is to provide the student with an understanding of advanced computer hacking and the countermeasures that a company can take to minimise their effect.
By the end of this module the student should be able to:
1. Analyse and critically evaluate techniques used to break into an insecure web application and identify relevant countermeasures.
2. Critically evaluate specific countermeasures to advanced hacking techniques
3. Demonstrate a critical evaluation of an advanced security topic with an independent project.
1 Web Application Security
Core Defence Mechanisms. Handling User Access, Authentication, Session Management, Access Control.
2 Web Application Technologies
HTTP Protocol, Requests, Responses and Methods. Encoding schemes. Server side functionality technologies (Java, ASP, PHP).
3 Injecting Code
Attacking SQL Servers, Sniffing, Brute Forcing and finding Application Configuration Files, Input validation attacks. Preventive Measures.
4 Bypassing Client Side Controls
Manipulating cookies, URL parameters, ActiveX controls, Shockwave controls.
5 Attacking Authentication
Attacking Session Management, Design Flaws in Authentication Mechanisms Attacking Forgotten Password Functionality, attacking Password change functions. Countermeasures to authentication attacks
6 Header 6
Reflected XSS Vulnerabilities, Stored XSS Vulnerabilities, DOM-Based XSS Vulnerabilities, HTTP Header Injection. Countermeasures to XSS.
7 Web Server Security
Popular web servers and common security threats. Attacks against IIS and Apache. Increasing web server security. Countermeasures (e.g. correct Web Application Set-up).
8 Basics of mobile application security
Basics of mobile application security
Statement on Teaching, Learning and Assessment
The lectures and practicals will assist students in developing an understanding of the shape, history and the contemporary dynamic of Ethical Hacking. The module is underpinned by legal, ethical and professional issues. This module employs a problem-first and practice-led learning approach. Ethical Hacking techniques and methodologies will be introduced through a practical and exploratory approach and within the context of developing a secure system. This activity will constitute 75% of the contact time. Once expertise is established the general contribution of the technique or methodology to the wider area of Ethical Hacking will be reinforced in theory.
Teaching and Learning Work Loads
|Supervised Practical Activity||45|
|Unsupervised Practical Activity||0|
Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.