Course Description

Course Name

Security Testing

Session: VLNS3425

Hours & Credits

Prerequisites & Language Level

Taught In English

  • There is no language prerequisite for courses at this language level.

Overview

Personal computers (e.g., desktops, laptops) and mobile devices provide a common means for users to access online applications and services, typically via a web browser or, in the case of mobile devices, a locally installed App. Online applications and services provide users with essential access to a diverse range of functionality and facilities (e.g., banking, health care, entertainment, social media, shopping, lifestyle options, business resources, media and much more). The ubiquity and popularity of Apps, Web Apps and online services make them (and their users) a common target for adversaries, and as a consequence web and online security continues to be a high-profile concern.

This module provides students with a broad insight into web browser, mobile application, and web site security. Indicative topics include: professional standards, practices and ethics for the cyber security professional; introduction to pen testing concepts and practical applications (e.g., Reconnaissance, Scanning, Enumeration, Exploitation, Maintaining Access); web browser security fundamentals; mobile application security fundamentals; password analysis, authentication and permissions exploits; OWASP Top Ten server-side attacks; OWASP tools and projects (e.g., Nettacker, Zed Attack Proxy, Burp Suite); CVE, CVSS; user vulnerabilities (e.g., social engineering, phishing, smishing, vishing attacks); Kali Linux tools. Other tools, themes and apps include: HTTrack, Google Dorks, whois, nmap, port scanning, packet interception, ARP poisoning; packet sniffing, Metasploit, John the Ripper, netcat, NetBus, Python scripting: file and directory search, scanning and management; Metasploitable.

*Course content subject to change