
Study information

Security Assessment and Validation - 2020 entry

MODULE TITLE: Security Assessment and Validation
CREDIT VALUE: 15
MODULE CODE: ECMM464
MODULE CONVENER: Unknown
DURATION: TERM 1 2 3
DURATION: WEEKS 11
Number of Students Taking Module (anticipated) 16
DESCRIPTION - summary of the module content

Even if systems have been developed with security in mind, their security needs to be assessed regularly because, for example, new attacks might be developed. Thus, assessing and validating the security of systems, e.g., through penetration testing, is an important part of cyber security. In this module you will learn the theory and practice of assessing the security of systems and applications using both manual techniques and automated approaches. The module focuses on offensive security that might be used by “red teams.”

Pre-requisites: ECM4xxx-a (Fundamentals of Security) 
Co-requisites: ECM4xxx-b (Building Secure and Trustworthy Systems)

 

AIMS - intentions of the module

This module aims to give you a broad understanding of how to analyse the weaknesses of a system, i.e., the areas where an attacker would most likely attack it. Driven by the discovered weaknesses, we will discuss several offensive security techniques, i.e., simulate how a threat actor (attacker) might gain access to a system or the data processed by a system.

In more detail, the aims of the module are to enable you to:

  • assess the security weaknesses of a system
  • develop a strategy for attacking a system
  • understand both the social and technical foundations for attacking systems or organisations
  • understand the ethical responsibilities of an offensive security researcher

 

INTENDED LEARNING OUTCOMES (ILOs) (see assessment section below for how ILOs will be assessed)

Module Specific Skills and Knowledge:

  1. Discover security weaknesses in IT systems
  2. Assess the severity of discovered weaknesses

Discipline Specific Skills and Knowledge:

  3. Understand the ethical responsibilities of a security tester
  4. Understand the concept of offensive security

Personal and Key Transferable/Employment Skills and Knowledge:

  5. Communicate business-critical messages to a non-expert audience
  6. Assess and manage the risk of your actions

 

SYLLABUS PLAN - summary of the structure and academic content of the module

The module will cover: 

  • Threat analysis 
  • Social engineering 
  • Manual security testing (penetration testing) 
  • Vulnerability scanning 
  • Automated security testing 
  • Exploit development 

 

LEARNING AND TEACHING
LEARNING ACTIVITIES AND TEACHING METHODS (given in hours of study time)
| Scheduled Learning & Teaching Activities | Guided Independent Study | Placement / Study Abroad |
|---|---|---|
| 33 | 117 | |
DETAILS OF LEARNING ACTIVITIES AND TEACHING METHODS

| Category | Hours of study time | Description |
|---|---|---|
| Scheduled Learning & Teaching | 22 | Lectures |
| Scheduled Learning & Teaching | 11 | Tutorials or Practical Work |
| Guided Independent Study | 117 | Background Reading and Self-Study |

 

ASSESSMENT
FORMATIVE ASSESSMENT - for feedback and development purposes; does not count towards module grade

| Form of Assessment | Size of the assessment e.g. duration/length | ILOs assessed | Feedback method |
|---|---|---|---|
| Tutorials and Practical Work | 11 hours | All | Oral |

 

SUMMATIVE ASSESSMENT (% of credit)
| Coursework | Written Exams | Practical Exams |
|---|---|---|
| 30 | 70 | |
DETAILS OF SUMMATIVE ASSESSMENT

| Form of Assessment | % of credit | Size of the assessment e.g. duration/length | ILOs assessed | Feedback method |
|---|---|---|---|---|
| Written exam | 70 | 2 hours (Summer) | all | Oral on request |
| Coursework | 30 | 50 hours | all | Written |

 

DETAILS OF RE-ASSESSMENT (where required by referral or deferral)

| Original form of assessment | Form of re-assessment | ILOs re-assessed | Time scale for re-assessment |
|---|---|---|---|
| All above | Written exam (100%) | All | Ref/Def Examination Period |

 

RE-ASSESSMENT NOTES

Students may be referred/deferred in the written exam, the coursework, or both, depending on their performance in the original assessment or the reasons for referral/deferral.

 

RESOURCES
INDICATIVE LEARNING RESOURCES - The following list is offered as an indication of the type & level of information that you are expected to consult. Further guidance will be provided by the Module Convener.

Reading list for this module:

| Type | Author | Title | Edition | Publisher | Year | ISBN |
|---|---|---|---|---|---|---|
| Set | D. Stuttard and M. Pinto | The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws | | O'Reilly | 2011 | |
| Set | Basta, A and Halton, W | Computer Security and Penetration Testing | | Delmar Learning | 2007 | |
| Set | Forshaw, J | Attacking Network Protocols: A Hacker's Guide to Capture, Analysis and Exploitation | | No Starch Press | 2017 | |
| Set | Erickson, J | Hacking: The Art of Exploitation | 2nd | No Starch Press | 2008 | |
CREDIT VALUE: 15
ECTS VALUE: 7.5
PRE-REQUISITE MODULES: None
CO-REQUISITE MODULES: None
NQF LEVEL (FHEQ): 7
AVAILABLE AS DISTANCE LEARNING: No
ORIGIN DATE: Wednesday 25th March 2020
LAST REVISION DATE: Tuesday 9th March 2021
KEY WORDS SEARCH: Security Testing, Penetration Testing, Vulnerability Scanner, Offensive Security

Please note that all modules are subject to change; please get in touch if you have any questions about this module.