MODULE DESCRIPTOR | |||
---|---|---|---|
Module Title | |||
Database and Web Security | |||
Reference | CMM523 | Version | 3 |
Created | June 2022 | SCQF Level | SCQF 11 |
Approved | August 2017 | SCQF Points | 15 |
Amended | July 2022 | ECTS Points | 7.5 |
Aims of Module | |||
---|---|---|---|
To gain an understanding of the main security threats to databases and web applications. To enable students to develop the skills necessary to secure databases and web applications. |
Learning Outcomes for Module | |
---|---|
On completion of this module, students are expected to be able to: | |
1 | Identify, analyse and discuss the main threats to databases and web applications. |
2 | Analyse and appraise the necessary countermeasures to secure databases and web applications. |
3 | Apply the methods and techniques used in designing secure databases and web applications. |
4 | Discuss the legal and ethical considerations related to data and web privacy and security. |
Indicative Module Content |
---|
Security Services: Data Confidentiality, Integrity and Availability. Security Controls: Authentication, Authorisation and Auditing; Managing user accounts, roles and privileges. Data Security: Encryption, and Row-level security. Internet infrastructure and technologies: client-server architectures, client-side (e.g., HTML and JavaScript) and server-side (e.g., PHP) technologies. Threats: HTTP vulnerabilities, SQL injection, privilege misuse, cache poisoning, and cross-site scripting. Security in the development lifecycle of databases and web applications: prepared statements, Web application firewalls, input validation, etc. Database and Web Application Monitoring and Forensics. Compliance, Privacy and Ethics: web tracking and privacy (e.g., cookies), and standards (e.g., PCI-DSS). |
Module Delivery |
---|
Key concepts are introduced and illustrated through lectures and directed reading. The understanding of students is tested and further enhanced through lab sessions. |
Indicative Student Workload | Full Time | Part Time |
---|---|---|
Contact Hours | 30 | 30 |
Non-Contact Hours | 120 | 120 |
Placement/Work-Based Learning Experience [Notional] Hours | N/A | N/A |
TOTAL | 150 | 150 |
Actual Placement hours for professional, statutory or regulatory body |   |   |
ASSESSMENT PLAN | |||||
---|---|---|---|---|---|
If a major/minor model is used and box is ticked, % weightings below are indicative only. | |||||
Component 1 | |||||
Type: | Coursework | Weighting: | 100% | Outcomes Assessed: | 1, 2, 3, 4 |
Description: | This is a short-term release-and-submit coursework covering all learning outcomes. |
MODULE PERFORMANCE DESCRIPTOR | |
---|---|
Explanatory Text | |
The calculation of the overall grade for this module is based on 100% weighting of C1. An overall minimum grade of D is required to pass this module. | |
Module Grade | Minimum Requirements to achieve Module Grade: |
A | The student needs to achieve an A in C1. |
B | The student needs to achieve a B in C1. |
C | The student needs to achieve a C in C1. |
D | The student needs to achieve a D in C1. |
E | The student needs to achieve an E in C1. |
F | The student needs to achieve an F in C1. |
NS | Non-submission of work by published deadline or non-attendance for examination |
Module Requirements | |
---|---|
Prerequisites for Module | None. |
Corequisites for module | None. |
Precluded Modules | None. |
INDICATIVE BIBLIOGRAPHY | |
---|---|
1 | Connolly, T. and Begg, C., 2015. Database Systems: A Practical Approach to Design, Implementation and Management. Pearson. |
2 | Prettyman, S., 2016. Learn PHP 7: Object Oriented Modular Programming using HTML5, CSS3, JavaScript, XML, JSON and MySQL. Apress. |
3 | Mueller, J.P., 2015. Security for Web Developers: Using JavaScript, HTML and CSS. O’Reilly. |
4 | Cherry, D., 2015. Securing SQL Server: Protecting your database from attackers. Syngress. |
5 | Wright, P., 2014. Protecting Oracle database 12c. Apress. |
6 | Welling, L. and Thomson, L., 2016. PHP and MySQL Web Development. Addison-Wesley. |