Network and Web Security
To cover network and web security broadly from the network to the application layer. The emphasis of the course is on the underlying principles and techniques, with examples of how they are applied in practice.
At the end of the course, a student will have an understanding of the themes and challenges of network and web security, and the current state of the art. The student will have developed a critical approach to the analysis of network security and web application security, and will be able to bring this approach to bear on future decisions regarding security.
Specific learning outcomes:
• Sustain a conversation on cybersecurity.
• Describe the main threats, attack techniques and defences relevant to cybersecurity and network security.
• Identify vulnerabilities in web applications and propose countermeasures.
• Design secure web applications by leveraging security principles.
Cybersecurity: Overview; Vulnerabilities; Passwords; Malware; Botnets; Main cyber attacks, typical defenses and their limitations.
Threat analysis and bug finding: Secure software development life cycle (SSDLC); Threat modelling; Code review and testing; Penetration testing.
Internet security: TCP/IP; DNS; URIs; HTTP; SSL/TLS.
Server-side security: Data breaches; Server-side threats, including command injection and path traversal; PHP; SQLi attacks; Other attacks.
Sessions: Cookies; CSRF and other attacks on sessions; Secure sessions; Social sign-on and related attacks.
Emerging security standards: CORS; HTML5 sandboxing; CSP; HSTS.
Privacy issues: Device fingerprinting; Web tracking.
Guest lectures: 3 lectures by experts from cybersecurity companies with presence in the UK.
Several topics discussed during the module require a general knowledge of computer networks, distributed systems, and programming languages.
Recommended (not required) prerequisites:
• CO211 Operating systems
• CO212 Networks and Communications
• CO408H Privacy Enhancing Techniques
• CO409 Cryptography
• CO440 Software Reliability
• CO470 Program Analysis
18 hours classroom-based, 9 hours laboratory-based.
*This is a level 6/H course
Assessed coursework: practical and written exercises.
Final exam: laboratory based, comprising practical exercises and written questions.