Course Title: Security Testing
Part A: Course Overview
Credit Points: 12.00
171H School of Science
Sem 2 2021
Course Coordinator: Dr Shabnam Kasra Kermanshahi
Course Coordinator Phone: N/A
Course Coordinator Email: firstname.lastname@example.org
Course Coordinator Location: N/A
Course Coordinator Availability: By appointment, by email
Pre-requisite Courses and Assumed Knowledge and Capabilities
COSC2473 - Introduction to Computer Systems
COSC2537 - Security in Computing
The main objective of this course is for students to acquire the tools and techniques necessary to perform practical security testing in various areas. Students are provided with a range of practical exercises and tasks to reinforce their skills, including monitoring Internet traffic, testing secure applications, and identifying vulnerabilities in networked and mobile/wireless applications. In addition, students will learn input validation techniques to minimise security risks, man-in-the-middle attack techniques to be able to build more secure networked applications, and practical secure software testing techniques to be able to test applications for security bugs.
Objectives/Learning Outcomes/Capability Development
Program Learning Outcomes
This course contributes to the following Program Learning Outcomes (PLOs) for BP094 Bachelor of Computer Science, BP096 Bachelor of Software Engineering, and BP162 Bachelor of Information Technology:
- Enabling Knowledge: You will gain skills as you apply knowledge effectively in diverse contexts.
- Critical Analysis: You will learn to accurately and objectively examine and consider computer science and information technology (IT) topics, evidence, or situations, in particular to: (i) Analyse and model requirements and constraints for the purpose of designing and implementing software artefacts and IT systems; (ii) Evaluate and compare designs of software artefacts and IT systems on the basis of organisational and user requirements.
- Problem Solving: Your capability to analyse problems and synthesise suitable solutions will be extended as you learn to: Design and implement software solutions that accommodate specified requirements and constraints, based on analysis or modelling or requirements specification.
- Communication: You will learn to communicate effectively with a variety of audiences through a range of modes and media, in particular to: Present a clear, coherent and independent exposition of software applications, alternative IT solutions, and decision recommendations to both IT and non-IT personnel via technical reports of professional standard and technical presentations. Interpret abstract theoretical propositions, choose methodologies, justify conclusions and defend professional decisions to both IT and non-IT personnel via technical reports of professional standard and technical presentations.
- Team Work: You will learn to work as an effective and productive team member in a range of professional and social situations, in particular to: Work effectively in different roles, to form, manage, and successfully produce outcomes from teams whose members may have diverse cultural backgrounds and life circumstances and differing levels of technical expertise.
On successful completion of this course you should be able to:
- CLO 1: Investigate methods that are appropriate for the realisation of security testing in software, web, network and systems;
- CLO 2: Investigate and model the possible vulnerabilities and threats for a given application system;
- CLO 3: Design and implement test procedures and perform post-testing evaluation;
- CLO 4: Analyse and evaluate security-related scenarios.
Overview of Learning Activities
The learning activities included in this course are a one-hour lectorial plus a two-hour Labtute each week over 12 weeks:
- key concepts are given on Canvas; Lectorial enables Q&A and further discussions; tools and software used will be demonstrated in the Labtute;
- labs focused on practice which allow exploration of security loopholes, and give feedback on your progress and understanding;
- assignments, as described in Overview of Assessment (below), requiring an integrated understanding of the subject matter; and private study, working through the course as presented in classes and learning materials, and gaining practice at solving conceptual and technical problems.
Overview of Learning Resources
You will make extensive use of computer laboratories and relevant software provided by the School. You will be able to access course information and learning materials through Canvas. Lists of relevant reference texts, resources in the library and freely accessible Internet sites will be provided.
Use the RMIT Bookshop’s textbook list search page to find any recommended textbook(s).
Overview of Assessment
This course has no hurdle requirements.
The assessment for this course comprises practical work involving penetration testing, class activities and a final presentation.
Assessment 1: Assignment 1
This assessment task supports CLOs 1, 2 & 3
Assignment 1 will focus on network security where you apply your abilities and knowledge on the topics that include security foundations, Cryptographic Techniques, and Wireless Network Security. This assignment includes questions and a technical report.
Assessment 2: Assignment 2
This assessment task supports CLOs 1, 3 & 4
Assignment 2 will focus on testing techniques and coding errors where you apply your abilities and knowledge on the topics that include identifying the vulnerabilities and applying several testing techniques: static and dynamic testing. This assignment includes questions and a demo.
Assessment 3: Security Vulnerabilities
This assessment task supports CLOs 2, 3 & 4
The objective of assessment 3 is to evaluate problem-solving ability and critical analysis in the form of an oral presentation and a technical report.
Assessment 4: Lectorial activities
This assessment supports CLOs 1, 2, 3 & 4