Module Database Search
| MODULE DESCRIPTOR | |||
|---|---|---|---|
| Module Title | |||
| Mobile and Web App Security | |||
| Reference | CM3702 | Version | 3 |
| Created | April 2019 | SCQF Level | SCQF 9 |
| Approved | June 2017 | SCQF Points | 30 |
| Amended | May 2019 | ECTS Points | 15 |
| Aims of Module | |||
|---|---|---|---|
| To enable the student to develop effective mobile computing applications to meet client needs using appropriate software tools. To provide students with an understanding of the main security threats to web based systems. | |||
| Learning Outcomes for Module | |
|---|---|
| On completion of this module, students are expected to be able to: | |
| 1 | Select and make effective use of software tools to implement, simulate/test applications for mobile phones and other resource constrained computing devices in order to test/improve security. |
| 2 | Design and develop effective mobile computing applications integrating appropriate software tools and technologies in order to provide client/end-user value within a business context. |
| 3 | Identify and analyse web systems for possible security weaknesses. |
| 4 | Critically appraise security techniques for the design of web based systems. |
| Indicative Module Content |
|---|
| The module will develop competence in developing mobile applications moving on to understanding the security of mobile and web application and devices from a product development standpoint. Key app development topics will include: application fundamentals; application components i.e activities, services, content providers, broadcast receivers; component activation by intent; user interface design (UI) and implementation: declaring layouts and handling UI events; data storage on the mobile device; communication via the internet. Key app security concepts of identifying, exploiting and defending against attacks will also be studied. This will include aspects, which are the responsibility of the developer or system administrator such as server configuration, authentication mechanisms and application language configuration. The module will demonstrate a number of exploits and attacks that can be performed on internet/mobile systems and methods to protect against them. The module will also look at vulnerabilities in the execution environments including web and mobile browser vulnerabilities and exploits. Standards and Best Practice Guides: ISO 9001, ISO 27001, ISO 27014, ISO 27034. |
| Module Delivery |
|---|
| The module is delivered in Blended Learning mode using structured online learning materials/activities and directed study, facilitated by regular online tutor support. Workplace Mentor support and work-based learning activities will allow students to contextualise this learning to their own workplace. Face-to-face engagement occurs through annual induction sessions, employer work-site visits, and modular on-campus workshops. |
| Indicative Student Workload | Full Time | Part Time |
|---|---|---|
| Contact Hours | 30 | N/A |
| Non-Contact Hours | 30 | N/A |
| Placement/Work-Based Learning Experience [Notional] Hours | 240 | N/A |
| TOTAL | 300 | N/A |
| Actual Placement hours for professional, statutory or regulatory body | 240 |
| ASSESSMENT PLAN | |||||
|---|---|---|---|---|---|
| If a major/minor model is used and box is ticked, % weightings below are indicative only. | |||||
| Component 1 | |||||
| Type: | Coursework | Weighting: | 50% | Outcomes Assessed: | 1, 2 |
| Description: | A report documenting the design and implementation of a mobile application. | ||||
| Component 2 | |||||
| Type: | Coursework | Weighting: | 50% | Outcomes Assessed: | 3, 4 |
| Description: | A report documenting the security features of a web application. | ||||
| MODULE PERFORMANCE DESCRIPTOR | ||||||||
|---|---|---|---|---|---|---|---|---|
| Explanatory Text | ||||||||
| The calculation of the overall grade for this module is based on 50% weighting of C1 and 50% weighting of C2. An overall minimum grade of D is required to pass the module. | ||||||||
| Coursework: | ||||||||
| Examination: | A | B | C | D | E | F | NS | |
| A | A | A | B | B | C | E | ||
| B | A | B | B | C | C | E | ||
| C | B | B | C | C | D | E | ||
| D | B | C | C | D | D | E | ||
| E | C | C | D | D | E | E | ||
| F | E | E | E | E | E | F | ||
| NS | Non-submission of work by published deadline or non-attendance for examination | |||||||
| Module Requirements | |
|---|---|
| Prerequisites for Module | None. |
| Corequisites for module | None. |
| Precluded Modules | None. |
| INDICATIVE BIBLIOGRAPHY | |
|---|---|
| 1 | SPASOJEVIC, B, 2015, Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition |
| 2 | SHEMA, M., 2012, Hacking web apps: detecting and preventing web application security problems, Syngress |
| 3 | Open Web Application Security Project (OWASP) https://www.owasp.org |
| 4 | Computer Security Student− Web hacking tutorials https://computersecuritystudent.com |
| 5 | ANNUZZI J., DARCY L., CONDER S.. 2015. Introduction to Android Application Development, 5th Edition. Addison Wesley. |
| 6 | Android Developers http://developer.android.com |
| 7 | TUMULA, C.S.R. AND BURCH, L.L., Netiq Corporation, 2016. Techniques for protecting mobile applications. U.S. Patent 9,240,977. |