Module Specification

Application Security

London school of INNOVATION



Internet and Web security principles are primarily applied to Internet-based systems. An overview of web applications will be the opening topic of this course. This will be followed by an introduction to web application security and its dissimilarity to network security. Web Application Security (WAS) scanners and testing will be explained and defined. Tips on securing your web application will also be studied in this course.


Code | Number of Credits | ECTS Credits | Framework | HECoS code
AS61 | 15 | 7 | FHEQ - L6 | computer science (100366)

Learning outcomes

There are no module learning outcomes to display.

Assessment Patterns

Weighting Format Outcomes assessed
40% Invigilated Exam
This is a time-limited and closed-book exam with a mix of multiple-choice and analytical written questions that students undertake during the summative assessment period as scheduled under the School’s remote invigilation conditions to ensure quality and academic integrity.

The exam enables the students to demonstrate their successful attainment of the module learning outcomes, primarily related to knowledge and understanding, and secondarily related to Professional/Transferable Skills.

The analytical written questions will consist of problem questions representing issues and dilemmas students are likely to encounter in professional life, and students have to synthesise and apply what they have learnt on the module in order to produce sound and reasoned judgements with respect to the problem.

To enable the students to practise and prepare, various formative assessment activities, including quizzes, AI-augmented assignments and mock exams, are built into the module. Additionally, throughout the course, students will regularly receive feedback on their knowledge and assignments from AI as well as peers and staff to indicate how to improve future work and how to give constructive feedback to others.
60% Technical Analysis and Solution Assessment
This assessment requires students to develop a solution to a complex problem within a simulated domain, followed by a detailed analysis and reflection on their design and its theoretical underpinnings. The aim is to assess students' abilities to design practical solutions, critically analyse their work, and articulate their understanding of the technical and theoretical aspects of the module.

Student workload

Activity Total hours
Introductory lecture 1.50
Concept learning (knowledge graph) 18.00
AI formative assessment 9.00
Case Study Review 9.00
Workshop/Lab Sessions 13.50
Individual or group assignments 18.00
Independent reading, exploration and practice 51.00
Summative assessment 30.00
150.00

Content Structure

Week | Chapter Name | Chapter Description
Week 1 | Introduction | 1. Introduction
Week 2 | Basics of web security | Overview of web security and its importance
Understanding web security threats and vulnerabilities
Best practices for web security
DNS, HTTP
Week 3 | Common Web Security Threats | Understanding common web security threats, such as SQL injection and cross-site scripting (XSS)
Identifying and mitigating these threats
Best practices for securing web applications against common threats
Week 4 | Cookies and Sessions | Explanation of cookies and sessions
Ambient authority and access control systems
Signature schemes for providing integrity, non-repudiation, and authenticity
Week 5 | Session attacks, Cross-Site Request Forgery | What is session hijacking and mitigating the problem
Session hijacking via Cross-Site Scripting
Protecting cookies from XSS
Can we make the cookie path secure?
Demo of Cross-Site Request Forgery
How to mitigate Cross-Site Request Forgery
Week 6 | Cross-Site Scripting (XSS) | Cross-Site Scripting (XSS) is a type of security vulnerability that allows an attacker to inject malicious code into a web page viewed by other users. In this chapter the following topics are covered:
Main types of XSS attacks
Measures for preventing XSS, including:
1- Input validation and output sanitization
2- Content security policy
3- HTTP-only cookies
4- Secure coding practices
Week 7 | Cross-Site Scripting Defences | Server-side attacks are attacks that exploit vulnerabilities in server-side software. These attacks can compromise the confidentiality, integrity, and availability of data and services hosted on the server. This chapter covers methods and strategies for such attacks:
Maintenance of the server-side strategies
Secure coding practices
Managing access control
Firewalls
Logging and monitoring strategies
Week 8 | Authentication | Understanding the difference between authentication and authorization
Best practices for password management
Using multi-factor authentication for enhanced security
Week 9 | SQL Injection | Understanding what SQL injection attacks are and how they work
Best practices for preventing SQL injection attacks
Using prepared statements and stored procedures to prevent SQL injection
Week 10 | Security Headers | Understanding the role of security headers in web security
Best practices for using security headers such as X-XSS-Protection and X-Content-Type-Options
Using HTTP Strict Transport Security (HSTS) for enhanced security
Week 11 | Cloud Security | Understanding the unique challenges of cloud security
Best practices for securing cloud-based applications and services
Common cloud security vulnerabilities and how to avoid them
Week 12 | Vulnerability Scanning and Penetration Testing | Understanding the role of vulnerability scanning and penetration testing in web security
Best practices for conducting vulnerability scans and penetration tests
Using tools such as Nmap and Metasploit for testing web security
Week 13 | Secure Web Application Development | Best practices for secure web application development
Common web application vulnerabilities and how to avoid them
Using secure coding practices
Week 14 | Legal and Ethical Considerations in Web Security | Understanding the legal and ethical considerations in web security
Best practices for ensuring compliance with laws and regulations such as GDPR and HIPAA
Ethical considerations for web security professionals

Module References

Type Description
Book Hoffman, A. (2020). Web Application Security: Exploitation and Countermeasures for Modern Web Applications. O'Reilly Media.
Book Quinton, E. (2017). Safety of web applications: risks, encryption and handling vulnerabilities with PHP. Elsevier.
Book Sullivan, B., & Liu, V. (2011). Web application security, a beginner's guide. McGraw-Hill Education Group.

Methods of teaching/learning


Introductory lecture (1.50 hours)

This is the first weekly session, dedicated to providing a comprehensive introduction to the module. The module leader will present an overview of the subject, elucidating its importance within various digital engineering professions and its interrelation with other modules. Students will need no preparation ahead of attending this session.

The module leader will provide a structured breakdown of the content to be covered in the subsequent 9 sessions. Students will also receive an outline of the essential reference materials, alongside suggestions for supplementary reading. The format and criteria for the summative assessment will be delineated, followed by a dedicated period for questions and answers.

A recording of the session will be available to facilitate async engagement for any other student who missed the class, also offering an opportunity to review the content again.


Concept learning (knowledge graph) (18.00 hours)

Our institution's approach to teaching is primarily based on flipped learning. Ahead of each weekly session (Workshop/Lab), students will be required to study the essential concepts that are used in the coming session so they are familiar with the theories and ideas related to that session. The study material will be in the form of written content, illustrations, pre-recorded lectures and tutorials, and other forms of content provided through the AGS.

This content is self-navigated by the students, accommodating different learning styles and schedules, allowing students to watch or listen to them at their own pace and review them as needed.


AI formative assessment (9.00 hours)

Once each concept of the theory is studied, students will be prompted to engage in formative assessment with instant AI feedback. These assessments include multiple-choice questions, Socratic questions and answers, written questions, role-play and other AI-assisted practice scenarios.

The purpose of this automated formative assessment is to provide students with immediate feedback on their understanding of module material and highlight any areas that need support or further study. They are also used to track student progress, boost motivation and promote accountability.


Case Study Review (9.00 hours)

In this learning activity, students explore recent real-world case studies relevant to their course topic. The case studies will have been selected and curated by the module leader to represent up-to-date examples. They guide students through key details, contextual factors, and outcomes. This approach enhances students' understanding of current industry trends, challenges, and solutions, preparing them for real-world scenarios they may encounter in their future careers.

The learning experience will be augmented by AI (virtual private tutor), allowing the students to critically engage with the content and discuss the case studies.


Workshop/Lab Sessions (13.50 hours)

The 9 weekly sessions following the introduction (weeks 2 to 10) will be dedicated to teaching the contents of the module during interactive workshops. These sessions will complement the theory with practice, experience or analysis. Their purpose is to advance the student's cognition from 'knowledge' to 'understand' and 'apply'.

Depending on the nature of the content, challenges and learning activities will be pre-designed to apply flipped learning, and may include hands-on project work, group discussions or debates, roleplay, simulation, case study or other presentation, and other learning activities and opportunities. These workshops present an opportunity to apply critical thinking and problem-solving skills. They also encourage collaboration and foster a sense of community among students. There will also be an opportunity for Q&A in every session.


Individual or group assignments (18.00 hours)

Each Workshop/Lab session will be followed by an assignment. Assignments are used to reinforce learning and encourage independent thinking and problem-solving. They help the students identify the gaps in their understanding of the subject and provide them with an opportunity to apply what they have learned in a practical setting.

Assignments can be individual or group-based (teams of 2 to 4). They can take many forms, including essays, presentations, or projects. When they are group-based, teams will be randomly picked by AGS, in order to promote broader teamwork practice. Assignment files will be uploaded to AGS by the students ahead of the next weekly session. Feedback will be provided on each submitted assignment.


Independent reading, exploration and practice (51.00 hours)

This activity challenges students to engage with the reference material and independently explore and analyse academic literature related to the course topic. Students are expected to select relevant sources, practise critical reading skills and, where applicable, technical skills, and synthesise information from multiple references. This is an opportunity to enhance research abilities, critical thinking, and self-directed learning skills while broadening and deepening subject knowledge.


Summative assessment (30.00 hours)

Summative assessments are used to evaluate student learning at the end of a module. These assessments can take many forms, including exams, papers, or presentations. Instructors can use summative assessments to measure whether students have achieved the learning outcomes for the module and provide them with a sense of their overall progress. Summative assessments can also be used to evaluate the effectiveness of the teaching methods used in the module.

Programmes this module appears on

Programme Term Type
1 BSc Computer Science 6 Optional
2 BSc Software Engineering 6 Core
3 BSc Software Project Management 6 Optional
Please note that the information detailed within this record is accurate at the time of publishing and may be subject to change.