


MODULE DESCRIPTOR
Module Title
Database and Web Security
Reference: CMM523; Version: 3
Created: June 2022; SCQF Level: SCQF 11
Approved: August 2017; SCQF Points: 15
Amended: July 2022; ECTS Points: 7.5

Aims of Module
To gain an understanding of the main security threats to databases and web applications. To enable students to develop the skills necessary to secure databases and web applications.

Learning Outcomes for Module
On completion of this module, students are expected to be able to:
1 Identify, analyse and discuss the main threats to databases and web applications.
2 Analyse and appraise the necessary countermeasures to secure databases and web applications.
3 Apply the methods and techniques used in designing secure databases and web applications.
4 Discuss the legal and ethical considerations related to data and web privacy and security.

Indicative Module Content
Security Services: Data Confidentiality, Integrity and Availability. Security Controls: Authentication, Authorisation and Auditing; Managing user accounts, roles and privileges. Data Security: Encryption, and Row-level security. Internet infrastructure and technologies: client-server architectures, client-side (e.g., HTML and JavaScript) and server-side (e.g., PHP) technologies. Threats: HTTP vulnerabilities, SQL injection, privilege misuse, cache poisoning, and cross-site scripting. Security in the development lifecycle of databases and web applications: prepared statements, Web application firewalls, input validation, etc. Database and Web Application Monitoring and Forensics. Compliance, Privacy and Ethics: web tracking and privacy (e.g., cookies), and standards (e.g., PCI-DSS).

Module Delivery
Key concepts are introduced and illustrated through lectures and directed reading. The understanding of students is tested and further enhanced through lab sessions.

Indicative Student Workload (Full Time / Part Time)
Contact Hours: 30 / 30
Non-Contact Hours: 120 / 120
Placement/Work-Based Learning Experience [Notional] Hours: N/A / N/A
TOTAL: 150 / 150
Actual Placement hours for professional, statutory or regulatory body    

ASSESSMENT PLAN
If a major/minor model is used and box is ticked, % weightings below are indicative only.
Component 1
Type: Coursework Weighting: 100% Outcomes Assessed: 1, 2, 3, 4
Description: This is a short term release and submit coursework covering all learning outcomes.

MODULE PERFORMANCE DESCRIPTOR
Explanatory Text
The calculation of the overall grade for this module is based on 100% weighting of C1. An overall minimum grade of D is required to pass this module.
Module Grade: Minimum Requirements to achieve Module Grade
A: The student needs to achieve an A in C1.
B: The student needs to achieve a B in C1.
C: The student needs to achieve a C in C1.
D: The student needs to achieve a D in C1.
E: The student needs to achieve an E in C1.
F: The student needs to achieve an F in C1.
NS: Non-submission of work by published deadline or non-attendance for examination.

Module Requirements
Prerequisites for Module: None.
Corequisites for Module: None.
Precluded Modules: None.

INDICATIVE BIBLIOGRAPHY
1 Connolly, T. and Begg, C., 2015. Database Systems: A Practical Approach to Design, Implementation and Management. Pearson.
2 Prettyman, S., 2016. Learn PHP 7: Object Oriented Modular Programming using HTML5, CSS3, JavaScript, XML, JSON and MySQL. Apress.
3 Mueller, J.P., 2015. Security for Web Developers: Using JavaScript, HTML and CSS. O’Reilly.
4 Cherry, D., 2015. Securing SQL Server: Protecting your database from attackers. Syngress.
5 Wright, P., 2014. Protecting Oracle Database 12c. Apress.
6 Welling, L. and Thomson, L., 2016. PHP and MySQL Web Development. Addison-Wesley.


Robert Gordon University, Garthdee House, Aberdeen, AB10 7QB, Scotland, UK: a Scottish charity, registration No. SC013781