Module details for Ethical Hacking 4

Description

This module develops a critical understanding of advanced techniques used by Ethical Hackers to examine the security of binary web applications.

Aims

The aim of this Module is to provide the student with specialist knowledge and experience of advanced hacking techniques and their countermeasures.

Learning Outcomes

By the end of this module the student should be able to:

1.  Critically evaluate the potential countermeasures to advanced hacking techniques.

2.  Analyse and critically evaluate techniques used to test the security of an insecure web application and identify relevant countermeasures.

3.  Demonstrate a critical evaluation of an advanced security topic with an independent project.

Indicative Content

1 Web Application Security.

Core Defence Mechanisms. Handling User Access, Authentication, Session Management, Access Control.

2 Web Application Technologies.

HTTP Protocol, Requests, Responses and Methods. Encoding schemes. Server side functionality technologies (Java, ASP, PHP).

3 Injecting Code.

Attacking SQL Servers, Sniffing, Brute Forcing and finding Application Configuration Files, Input validation attacks. Preventive Measures.

4 Attacking Authentication.

Attacking Session Management, Design Flaws in Authentication Mechanisms, Attacking Forgotten Password Functionality, attacking

5 Attacking Other Users.

Reflected XSS Vulnerabilities, Stored XSS Vulnerabilities, DOM-Based XSS Vulnerabilities, HTTP Header Injection. Countermeasures to XSS.

6 Binary auditing tools.

Debuggers, add-ons, debugging techniques.

7 Binary auditing.

Source code auditing, Black box auditing, Reverse engineering auditing, Copy protection auditing.

8 Buffer Overflows.

Significance of Buffer Overflow Vulnerability, Why Programs and Applications are Vulnerable. Reasons for Buffer Overflow Attacks. Methods of ensuring that buffer overflows are trapped.

9 Overcoming operating system countermeasures.

Avoiding Data Execution Prevention (DEP). Address Space Layout Randomisation (ASLR) evasion using ROP chains.

Teaching and Learning Work Loads

| Teaching and Learning Method | Hours |
|---|---|
| Lecture | 15 |
| Tutorial/Seminar | 0 |
| Practical Activity | 45 |
| Assessment | 60 |
| Independent | 80 |
| Total | 200 |



Guidance notes

SCQF Level - The Scottish Credit and Qualifications Framework provides an indication of the complexity of award qualifications and associated learning and operates on an ascending numeric scale from Levels 1-12 with SCQF Level 10 equating to a Scottish undergraduate Honours degree.

Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.


Disclaimer

We make every effort to ensure that the information on our website is accurate, but it is possible that some changes may occur prior to the academic year of entry. The modules listed in this catalogue are offered subject to availability during academic year 2021/22, and may be subject to change for future years.