Security for web developers (EN)
2020/2021- Purpose
The module is designed to give the students an idea of some of the challenges that web developers face when implementing web applications. It also gives some suggestions on how to handle these challenges, and what to be especially aware of.
KnowledgeThe goal is that the student gains knowledge of:
Skills
● How hackers exploit web applications
● Basic web application security concepts
● Basic principles of cryptography
● Collecting information about new attack patterns
● Applying basic security assessmentThe goal is that the student is able to:
Competences
● Apply risk management with focus on IT-security
● Apply the principle of layered security
● Spot potential security flaws in web applications
● Use best practice on some web security challengesThe goal is that the student is able to build a full stack web application designed with security in mind, and by applying secure principles
- Type of instruction and
practical application of learning objectives
The teaching method is a mix of lectures, exercises and project work. Each lecture will consist of a part with new theory and a part in which the teacher applies the new theory in a practical solution by doing ”live” coding on a sample project. After that, the students will work with an exercise or they will apply the new theory directly to their exam project while
the teacher helps the students in a workshop style setting.
The project work period is approx. 5 weeks during which the exam project is in focus. - Subject/module requirement for
participation
Academic requirement for participation
Good skills in programming. The examples in class will be shown in PHP, but you are allowed to use any programming language yourself. - Exam
The learning outcomes of the exam are identical with the learning outcomes of the subject(s)/modul(es)
Prerequisites for access to the examinationThere is one mandatory activity per 5 ECTS. A 10-ECTS module thus contains two mandatory
activities, while a 5-ECTS module contains one mandatory activity. This is described in the relevant
semester/class room on Fronter. Documentation of mandatory activities must be submitted
via Fronter.Exam in one or more subjectsSubject/module is tested standaloneThis elective will be completed by a project and an exam.
The project is typically developed by a group of 2-4 students.
The students must produce a web application based on the subjects from the course based on good coding practices. All the subjects should be included in the project.Type of examOral examinationIndividual exam or group examIndividual or group, 2-4 max participantsExam languagesEnglishDurationThe student must give a 5-minute presentation, followed by a 25-minute examination of the student, including grading.Type of evaluation7-point grading scaleExaminersInternal censureExam criteriaOne aggregate grade is awarded based on an overall assessment of the project, the presentation and the following examination. - Preliminary literature list
This is a preliminary literature list. A final literature list will be provided in connection with study start.A series of relevant links.
In the subject Security for web developers (EN) you will receive 90 hours of instruction, which corresponds to 120 lessons (1 lesson = 45 min.) and 33% of your total workload for the subject.
The teaching primarily consists of the following activities: classroom teaching.
The preparation primarily consists of the following activities: reading the curriculum, exercises, project work.
Read about KEAs Study Activity Model
*KEA can deviate from the number of hours if this is justified by special circumstances