ECMM464 - Security Assessment and Validation (2023)

Back | Download as PDF
MODULE TITLESecurity Assessment and Validation CREDIT VALUE15
MODULE CODEECMM464 MODULE CONVENERDr Saif Alzubi (Coordinator)
DURATION: TERM 1 2 3
DURATION: WEEKS 11
Number of Students Taking Module (anticipated)
DESCRIPTION - summary of the module content

Even if systems have been developed with security in mind, their security needs to be assessed regularly, as, e.g., new attacks might be developed. Thus, assessing and validating the security of systems, e.g., penetration testing is an important part of cyber security. In this module you will learn the theory and practice of assessing the security of systems and applications both using manual techniques as well as automated approaches. The module focuses on offensive security that might be used by “red teams.” 

Pre-requisites: ECMM462 (Fundamentals of Security) 
Co-requisites: ECMM463 (Building Secure and Trustworthy Systems)

 

AIMS - intentions of the module

This module aims to give you a broad understanding in analysing the weaknesses of a system, i.e., the areas an attacker would most likely attack a system. Driven by the discovered weaknesses, we will discuss several offensive security techniques, I.e., simulate how a threat actor (attacker) might gain access to a system or the data processed by a system.  

 In more detail, the aims of the module are to enable you to 

  • assess the security weaknesses of a system 
  • develop a strategy how to attack a system 
  • understand the both the social and technical foundations for attacking systems or organisations 
  • understand the ethical responsibilities of an offensive security researcher

 

INTENDED LEARNING OUTCOMES (ILOs) (see assessment section below for how ILOs will be assessed)

On successful completion of this module you should be able to:

Module Specific Skills and Knowledge

1. Discover security weaknesses in IT systems 
2. Assess the severity of discovered weaknesses 

Discipline Specific Skills and Knowledge

3. Understand the ethical responsibilities of a security tester 
4. Understand the concept of offensive security

Personal and Key Transferable / Employment Skills and Knowledge

5. Communicate business critical message to a non-expert audience 
6. Assess and manage the risk of your actions 

 

SYLLABUS PLAN - summary of the structure and academic content of the module

The module will cover: 

  • Threat analysis 
  • Social engineering 
  • Manual security testing (penetration testing) 
  • Vulnerability scanning 
  • Automated security testing 
  • Exploit development 

 

LEARNING AND TEACHING
LEARNING ACTIVITIES AND TEACHING METHODS (given in hours of study time)
Scheduled Learning & Teaching Activities 33.00 Guided Independent Study 117.00 Placement / Study Abroad
DETAILS OF LEARNING ACTIVITIES AND TEACHING METHODS
Category Hours of study time Description
Scheduled Learning & Teaching 22 Lectures
Scheduled Learning & Teaching 11 Tutorials or Practical Work 
Guided Independent Study  117 Background Reading and Self-Study 
 

 

ASSESSMENT
FORMATIVE ASSESSMENT - for feedback and development purposes; does not count towards module grade
Form of Assessment Size of Assessment (e.g. duration/length) ILOs Assessed Feedback Method
Tutorials and Practical Work  11 hours  All  Oral 
       
       
       
       
 

 

SUMMATIVE ASSESSMENT (% of credit)
Coursework 40 Written Exams 60 Practical Exams
DETAILS OF SUMMATIVE ASSESSMENT
Form of Assessment % of Credit Size of Assessment (e.g. duration/length) ILOs Assessed Feedback Method
Written exam  60 2 hours (Summer)  all Oral on request 
Coursework  40 50 hours  all Written 
         
         
         

 

DETAILS OF RE-ASSESSMENT (where required by referral or deferral)
Original Form of Assessment Form of Re-assessment ILOs Re-assessed Time Scale for Re-assessment
Written exam Written exam (2 hours)  All August Ref/Def Period 
Coursework Coursework All August Ref/Def Period
       
 

 

RE-ASSESSMENT NOTES

Reassessment will be by coursework and/or written exam in the failed or deferred element only. For referred candidates, the module mark will be capped at 50%. For deferred candidates, the module mark will be uncapped.

 

RESOURCES
INDICATIVE LEARNING RESOURCES - The following list is offered as an indication of the type & level of
information that you are expected to consult. Further guidance will be provided by the Module Convener

Reading list for this module:

There are currently no reading list entries found for this module.

CREDIT VALUE 15 ECTS VALUE 7.5
PRE-REQUISITE MODULES None
CO-REQUISITE MODULES None
NQF LEVEL (FHEQ) 7 AVAILABLE AS DISTANCE LEARNING No
ORIGIN DATE Tuesday 06 October 2020 LAST REVISION DATE Wednesday 18 January 2023
KEY WORDS SEARCH Security Testing, Penetration Testing, Vulnerability Scanner, Offensive Security