|Year of offer||2019|
|Subject level||Graduate coursework|
|Fees||Subject EFTSL, Level, Discipline & Census Date|
The Internet pervades nearly every aspect of our lives, from banking through to dating, and on to our interactions with government. As more of our lives move online, we face ever greater risks to our data and way of life from internet vulnerabilities and attacks. Web Security will examine the fundamentals behind common vulnerabilities and attacks, and will introduce students to ways of mitigating the risks associated with them. It will also examine some of the ethical challenges faced when evaluating security and disclosing vulnerabilities.
The subject will examine some of the cyber security challenges faced during system implementation and deployment. In particular, it will identify common attack vectors, covering in more detail some of the Open Web Application Security Project (OWASP) Top 10 list of web application vulnerabilities, which may include topics such as injection, cross-site scripting, session hijacking, and cross-site request forgery, amongst others. Where appropriate, practical examples will be examined to relate theory to practice. The subject will discuss methods for mitigating the risks associated with such vulnerabilities, and may include discussions on distributed denial of service, input validation and sanitization, penetration testing and the associated ethical and legal constraints, automated vulnerability scanning, and web application firewalls.
Intended learning outcomes
On completion of this subject, students should be able to:
- Identify common attack vectors
- Discuss mitigation strategies for common attack vectors
- Develop appropriate input validation and data sanitisation strategies
- Compare software updating strategies and their effectiveness at mitigating software vulnerabilities
- Explain the importance of correctly configuring software
- Critique options for vulnerability disclosure and the associated ethical challenges
- Ability to apply knowledge of science and engineering fundamentals
- Ability to undertake problem identification, formulation and solution
- Ability to utilise a systems approach to complex problems
- Capacity for creativity and innovation
- Understanding of professional and ethical responsibilities, and a commitment to them.