BSc (Hons) Ethical Hacking

Year 2 Core Modules

You must study and pass all five core modules

Brief description

Build on your knowledge of programming  taught in earlier modules (e.g. arrays, structures, simple collections). Gain an introduction to the standard data structures and algorithms that form the core of algorithmic thought in computer science and to the idea of reasoning about the behaviour and performance of a computer program.

Indicative content:

• Reasoning about performance: The idea of an algorithm, time and space complexity, abstract data types.
• Basic data structures: Linked lists, stacks, queues, hash tables.
• Sorting and searching: Exhaustive and binary search, common sorting algorithms.
• Trees: Simple trees, tree search algorithms, tree representations (XML, JSON).
• Graphs: Simple and directed graphs, graph algorithms.

Brief description

Introduction to dynamic web applications, through client-side and server-side web development on a full-stack platform.

Indicative content:

• Web standards: Application of HTML5 and CSS to develop responsive designs.
• Client-side technologies: Implementation of JavaScript, libraries, and frameworks to create effective user interfaces within an appropriate development practice and methodology.
• Design techniques: Appropriate techniques for dynamic web applications.
• Data persistence: The use of relevant data persistence and consideration of appropriate use.
• Server-side scripting technologies: Using server-side technologies to provide functionality. Consideration of the processes involved, and the benefits/drawbacks of processing on the server.
• Security and legal issues: Consider legal and security issues including privacy, transparency, data protection, GDPR, authorisation and validation.
• Practical aspects of security: Appropriate use of network protocols, secure programming, and testing strategies.

Brief description

The tools used by Ethical Hackers to examine the security of a device or network. Systematically investigate a computer network for possible vulnerabilities.

Indicative content:

• Footprinting: Determining the location of a company. Examining computer networks using passive techniques.
• ​Search Engines: Using search engines to find ethical hacking information. Information limiting.
• Scanning: Using tools to scan for IP addresses and operating systems in use on a network or in an organisation. Identify services that are running on a network. Different types of port scans and useful tools.
• Enumeration: Tools and techniques for enumerating networks and identifying exploitable shares, usernames and email addresses.
• System Hacking: Privilege Escalation, Keystroke Loggers. Mitigations against keyloggers. Operating System and Application Hacking. Examining and exploiting System flaws. Understanding the need to install and patch applications.
• Vulnerabilities: What are the principle vulnerabilities that computer systems are exposed to? How are they exploited. What are the techniques that can be used to assess them and the security of a system.

Brief description

Build on Data Structures and Algorithms 1. Gain an introduction to parallel programming on shared-memory and GPU architecture, and the design techniques underpinning parallel applications. Use a range of case studies drawn from typical real-world applications.

Indicative content:

• Parallel programming: Why to parallelise, Amdahl’s law, high-level approaches to parallelisation, parallel design.
• Low-level programming with threads: Starting and joining threads, sharing data safely, mutual exclusion, synchronisation objects, lock-free.
• High-level parallel programming: Task-based parallelism, data-parallel problems, exploiting locality.
• Instruction-level parallelism: SIMD instructions, automatic vectorisation.
• GPGPU: GPU architectures, appropriate algorithms for GPUs, GPU profiling.
• Parallel Patterns: Design patterns for parallel and concurrent programming. Awareness of common sorting, numerical, image processing and searching and optimization algorithms and how they can benefit from parallelisation.

Brief description

The basic technology and techniques used to investigate cybercrime. Introduction to a systematic approach to planning and implementing a comprehensive computer forensic investigation, particularly evidence collection and the reconstruction of events.

Indicative content:

• Computer Crime: Types of computer crime; legislation concerning computer crime.
• Use of Linux as an investigative environment: Familiarisation with the command-line interface.
• File Systems as a source of forensic evidence: Structure of NTFS, FAT, FAT32, and Linux file systems.
• Data Acquisition: Procedures for acquiring disk images; collection of evidence from crime scenes, integrity of evidence, write blockers.
• Computer Forensics Tools: Command line tools; Linux tools; Windows tools.
• Computer Forensic Analysis: Digital forensic toolkits; data hiding techniques; anti-forensics.
• Internet History and Email: Identifying email and browser-derived evidence; examining email headers; using specialist email forensic tools; examining browser histories and cookies.
• Working with MS-Windows systems: File system; investigation of the Registry; recovering deleted files; working with forensic boot disks.
• Computer Forensics Analysis: Methodologies for forensic analysis of systems and the assessment of results. Memory forensics.
• Reporting Results of Investigations: Importance of reports; time-lines; designing the layout of a report.

Years 1 and 2 Elective Modules - 20 credits

You must study and pass one elective module of your choosing

Brief description

Introduction of the concept of smart cities - hard infrastructure, social capital including local skills and community institutions, and digital technologies to fuel sustainable economic development and provide an attractive environment for all.

Module content:

• Social impacts
  There is an overall need for theoretical and methodological plurality in how we assess the impact and value of future cities in terms for individual and societal well−being. Gaps in our understanding relate to the complex ways individuals and groups engage with built and natural settings, the cultural goods and consequent benefits that may arise and the inequalities associated with these cultural benefits.
   
• Security

Different types of cyber-attacks that could be launched against a Smart City. Impact of cyber-attacks. Approaches to securing the smart grid and critical infrastructure, i.e. improving cyber resilience.

• Sustainable urban food production

Includes the long established allotments movement to large scale projects based on sustainability throughout the food chain. Urban food production includes the long established allotments movement. The demand for urban growing also responds to the densification and intensification of living areas, due to population rise, migration and demographic aging with lower housing and ‘garden’ space standards placing greater importance on collective production.

• Energy, waste and water

At present, water and wastewater facilities are often the largest and most energy intensive responsibilities owned and operated by local governments, representing up to 35% of municipal energy use. Future cities will need to utilise more sustainable methods of water and waste water management and renewable energy production.

• Digital technologies

Digital technologies will play a major role in creating sustainable and resilient cities offering a vehicle for more inclusive decision−making process and promoting dialog amongst architects, urban planners, the public and technologists.

Brief description

Develop a range of skills, knowledge and techniques within the natural, technological and social sciences relevant to the study of environmental sustainability and life in the twenty-first century. Understand the critical issues that confront humanity and begin to discern appropriate responses.

Module content:

• The Challenge of Sustainable Development
  Problems associated with life in the 21st Century and the relationship to scientific provisionalism and uncertainty are discussed.
   
• The Genesis of Sustainable Development Concept
  Developments associated with the Club of Rome are outlined while Limits to Growth and the Tragedy of the Commons are discussed.
   
• Evolution of Sustainable Development
  The Reo Summit and Suitability, and Policy Developments thereof will be discussed.
   
• Scientific Inquiry and Sustainable Development
  We will look at controversial issues like climate change, oil peak, and food production and the role of science in helping delimit them as problematic will be outlined.
   
• Mainstreaming Sustainability
  Sustainability and Mitigation, Adaptation and Resilience, as individual and social concerns, will be evaluated. And their role in transformation will be discussed.
   
• Communicating Sustainability
  Human well-being, Environmental Justice, Environmental Policy and the practicalities of Sustainability in Scotland are discussed.
   
• Sustainable Development in Practice
  Community Empowerment associated with Land Reform. Energy Production and Food Production in Tayside are looked at.
   
• Ethics and Sustainability Policy
  Active citizenship and Globalisation are discussed.
   
• Innovating Locally, Transforming Globally
  Transformations that are required to embrace Sustainability will be analysed and discussed.
   
• Active Relationship for Sustainable Futures
  Thinking Globally, acting locally.

Brief description

How lifestyle can affect physical and mental well-being. Reflect on your own lifestyle choices and how to incorporate good health behaviours into your life.

Module content:

• Sleep and stress
  The impact of sleep and stress on health and performance. Completion of sleep diaries and questionnaires related to sleep patterns and stress.
   
• Physical activity
  Current physical activity recommendations, components of physical fitness.
   
• Physical inactivity
  Understanding why people are inactive. The link between physical inactivity, obesity and type 2 diabetes.
   
• Physical activity and mental well-being
  The effects of physical activity on mental well-being.
   
• The effect of carbohydrate consumption and exercise on blood glucose
  Measurement and recording of blood glucose in response to the carbohydrate ingestion and exercise.
   
• Simple health and fitness testing
  Measurement and recording of data. Tests will include blood pressure, strength, endurance and flexibility. Data will be compared with normative values for these tests.

Brief description

Develop critical thinking skills that form the basis for progression across the academic disciplines of the university. Learn how to recognise, construct, evaluate, criticise and defend different forms of argument.

Module content:

• Potential 'Timeless' Debates
  Debates delivered by internal and external experts on: e.g. existence of God; privacy and civil society; private property; money as source of 'evil'; nature/nurture; free speech; pornography; capital punishment; prostitution; animal experimentation; meaning of justice; abortion; affirmative action; just war; trade union power; good life/good political community; human nature; monarchy; value of democracy; meaning of equality; citizenship rights etc.
   
• Potential 'Timely' Debates
  Debates delivered by internal and external experts on: eg, Scottish independence, academic freedom; drug legalisation; drug use in sport; immigration; free health care; war on terror; EU membership; euthanasia; progressive taxation; race and gender discrimination; gay marriage; human rights; politics/sport; global warming; internet censorship; nuclear power; education league tables; nuclear weapons; GM agriculture; religion; cloning; fair trade; value of contemporary culture; etc.
   
• Critical Thinking Seminars
  Follow-up discursive discipline specific seminar sessions led by teaching staff on topics covered in formal debates. Students are tutored to identify types of argument presented, evaluate perspectives and to reflect upon their own reasoning processes and value assumptions. The debates and seminars facilitate a foundation for the acquisition of graduate attributes.
   
• WEB CT Wiki Discussion Forum
  Students will be required to work in small groups to write a short 800 word indicative "Thinking Summary" online Wiki of the arguments presented in each debate. These summaries will be constructed by each designated Thinking Group of three students using the Wiki facility on Blackboard which will facilitate further discussion on the moderated WEB CT discussion forum.

Brief description

The social, managerial, economic, political, and technical challenges and opportunities associated with emerging renewable energy innovation, production, supply and consumption.

Module content:

• Renewable Energy Nontechnical Challenges and Opportunities
  Social and political challenges and opportunities of renewable energy production supply and consumption. Economic and environmental challenges of renewable energy production supply and consumption. Strategic and managerial challenges of renewable energy production supply and consumption.
   
• Renewable Energy Technological challenges and opportunities
  Geotechnical, Geophysical and Hydrographic information; Knowledge of sources of hydrographic information and interpretation of published charts. Forces on structures; Appreciation of the various forces acting on marine structures. Technical limitations and challenges of energy distribution systems and energy storage. Current technological development trend, collaborative innovation in renewable energy.

Brief description

An understanding of the concepts of tolerance, and the importance of making sound ethical decisions. Develop the qualities, characteristics and skills to meet the aspiration for Abertay graduates to become global and active citizens. 

Module content:

• Introduction to equality and ethics legislation equality and ethics legislation.
   
• Diversity competence; moral/ethical reasoning Inclusiveness, equal opportunities, positive action, Reasonable Adjustment, moral/ethical reasoning.
   
• Attributes for the workplace and for global citizenship.
   
• Reflective Practice Application of models of reflective practice.
   
• Contemporary Issues.

Brief description

Learn how to adjust language to suit context. Analyse a range of linguistic issues, including “proper English”, how language can be used to create moral panics, and the ethics of communication.

Module content:

• Good English": the role of standardisation, dialect and idiolect − how we choose language to reflect our identities and our role in a speech or discourse community.

• Language and influence: how the media constructs narratives to persuade or inform the audience (and how to tell the difference).

• Creating a narrative across genres: the conventions, freedoms and limitations of different forms; using these forms in new ways.

• Narrative changes over time: how authors reinvent old stories to reflect current concerns.

• Technical writing: the use and manipulation of data; hearing the author's voice; critiquing "bad science".

• The ethics of communication: (electronic) media and ownership, attribution and theft.

Brief description

“Personal” digital safety to make computer security fun, practical and eye-opening.  Learn the base knowledge that will continue to be relevant to future generations of devices.

Module content:

• Current state of computer security. An overview including legal aspects.
   
• Cyber-attacks, vulnerabilities and threats Malware, Network attacks (denial of service, packet sniffing etc.), bots and rootkits. How the bad guys can obtain your password.
   
• Information Leakage, recovery and forensics recovering deleted or corrupted files. What your browser knows about you. Web browser forensics.
   
• Securing networks, accounts and devices Defence against malware, honeypots, Secure protocols, intrusion detection, Password security, Mobile device security
   
• Human aspects of cyber security The Psychology of Hackers, Social Engineering, identity theft, Usability vs security.
   
• Breaking the code. An introduction to cryptography, Encryption and Decryption, public and private keys, the key exchange problem.
   
• History of Cryptography The Caesar cipher, polyalphabetic ciphers, the Playfair cipher, the role of Enigma and the Bletchley Park cryptographers in WWII
   
• Computers and Crypto Diffie-Hellman and RSA encryption. Phil Zimmerman and “Pretty Good Protection". Quantum Cryptography – Provably unbreakable information hiding. Mathematical Underpinnings – Large prime numbers and why they matter.
   
• Steganography A picture's worth a thousand words when you're hiding the wood in the trees.
   
• The Law, Society and Cryptography Why you can be imprisoned for forgetting your password. The Civil Liberties Arguments for and against strong-crypto. International perspectives on information hiding, information freedom, the right to privacy and the conflicts between these. Are unbreakable cyphers an unqualified “good thing”?

Brief description

Develop perspectives on the key challenges faced by humankind such as environmental change, pollution, food security, energy provision, conflicts, terrorism, emerging diseases, and changing demographics. Understand the overwhelming complexity of the problems and the need for interdisciplinary approaches to create solutions.

Module content:

• Interdisciplinary research
  Introductory lectures will discuss the definitions, methods, benefits, challenges, and drawbacks of disciplinary and interdisciplinary approaches and the role of public policy influencing research
   
• Global Challenges
  Challenges will be introduced from different disciplines. Indicative examples include: − Climate Change: causes and impact – Serious Games: science and application of visualization and games − Global Security − Valuing ecosystems: balancing policy, economics and environment − Contemporary challenges to healthy living − Food security: global threats and local needs – Energy Poverty – Space Travel.

Brief description

Design an activity to communicate and present scientific principles to primary school children. Learn about working as a group and how to communicate complex ideas.

Module content:

• Developing a Science Communication activity
  Target audience, sources of information to identify suitable activities (CfE documentation etc.), health and safety, issues around working with specific groups, accessibility, ethics, costing and sustainability.
   
• The landscape of engagement and current practice
  Types of public engagement activities, target audiences, funding, role of learned societies universities and other bodies. Public engagement in Dundee and Tayside.

Brief description

Work in a team to develop game design concepts for serious applications. Gain the knowledge, processes and techniques of game design and study examples of serious games developed to benefit society.

Module content:

•    Overview of Games
A brief history of games, game art and gamification.

•    Games for change
Understanding how games can benefit society.

•    Game mechanics
Deconstructing core components of popular game genres.

•    Gameplay constructs
What is gameplay and how is this broken down and communicated within the game design.

•    The game design process
Conceptualisation, iteration, phases of workflow.

•    Game design theory and practice
Identifying the elements within effective design and how they are implemented.

•    Documenting the design interactive
Oriented design, technical design, capturing requirements.

•    Business models
Exploring methods that can be used to generate revenue within the game design.

Brief description

Develop the knowledge and awareness required to make good career decisions and the skills and confidence to successfully navigate each stage of the recruitment process for graduate jobs.

Module content:

• Developing self-awareness
  Profiling of personal strengths, values and priorities in relation to career choice.
   
• Developing opportunity awareness
  Generating career ideas based on your personal profile; Exploring the range of graduate opportunities within job sectors of interest; Reviewing occupations that are directly related to your own subject discipline.
   
• Developing a career action plan
  Matching your personal profile with best fit opportunities in the job market; Creating a timeline of actions to improve your prospects of meeting your aim.
   
• Developing job seeking skills
  Sourcing suitable job opportunities - both advertised and unadvertised; Creating a professional image online; Identifying the skills and qualities employers look for in graduates; Learning how to produce targeted applications for specific job roles; Practising the presentation of your strengths and motivations in face to face selection activities.

Brief description

Learn about natural disaster such as landslides and flooding, structural disasters such as the Tay Rail Bridge and the system of critical infrastructure (such as road, rail, air and shipping transport networks, power grid, gas and water networks, health system) that constitute the backbone of modern societies.

Module content:

• Overview of the scope and the content of concept of critical infrastructure failure during natural disasters and resilience against such failures
  the consequences of geophysical, hydrological and meteorological disasters on critical infrastructure and critical infrastructure protection capabilities against natural disasters. Interdependencies of critical infrastructures during large disasters, presents a brief review of current research being done in this field, and presents a methodology to address interdependencies.
   
• The identification of the vulnerabilities of the critical systems
  The critical systems upon which modern society, economy, and polity depend. The identification of the vulnerabilities of these systems threats that might exploit these vulnerabilities. The effort to develop techniques to mitigate these vulnerabilities through improved design.
   
• Flooding in Scotland
  general overview of fluvial, pluvial and coastal flooding, the structural, economic and societal impact and responses to flooding. Resources will include historical examples, current policies and information (including SEPA flood maps). Case study (with virtual/actual field visit?) the Perth Floods of 1990 and 1993 and the Perth flood defence scheme*
   
• Landslide origins, types and mitigations
  General overview what landslides are, why they happen and what can be done to prevent them.
   
• Structural Failure
  e.g. why did the Tay Bridge fails and what did the failure mean for the Forth Rail Bridge
   
• Reports and investigations
  the role of reports in accident and disaster investigations in creating informative reports; case studies of accidents, disasters, learning from history, learning from case studies, learning from common law
   
• Case studies
  Power System Blackouts, Smart Grids and self-healing systems. Nuclear Plant Emergency How Would the Public Respond?

Brief description

Introduction to the skills and knowledge needed to launch a small business successfully. This module will define and help you acquire the personal and professional skills needed to develop a professional career and/or to succeed as entrepreneurs in Small and Medium sized Enterprises (SMEs).

Module content:

• Understanding entrepreneurship.
   
• Generating successful business ideas.
   
• Environmental scanning.
   
• Developing a credible business plan that includes evaluating business ideas.
   
• Presenting the business idea.

Brief description

An understanding of some of the processes involved in food production. Discuss common misconceptions and ideas which present the food and nutritional industries in a bad light.

Module content:

• Student led investigations
  Student led investigations of the different sectors within the food and drink industry including: prebiotics – and the controversy surrounding the term; if barbequing is a healthy cooking method; and exposing the celebrity chef - common Myths about cooking
   
• Consumerism
  Does the food industry listen to us? -Understanding consumer and sensory science to better understand why you buy the products you buy. - How food / public health is reported by the media? - The French paradox / Mediterranean diet.
   
• Future of food
  Ethical food production and the future of foods, and, what’s waste got to do with it?
   
• Debunking myths
  Debunking food myths, more science than science fiction in our food today, like the science behind getting sauce out of a bottle and what to drink – Whisky or Beer?
   
• Facts from fiction
  Finding facts from fiction, investigating the three second rule – should I eat things that have fallen on the floor? What’s so super about super-foods? Fat or sugar: Which is worse?

Brief description

Learn how we approach and understand mental health, from historic, social, therapeutic, and individual perspectives. Explore questions such as ‘what is madness?’, ‘how does society position people with mental illness?’, and ‘how do we best respond to challenges to our mental health?’

Module content:

• Historical and cultural perspective on mental illness
  How do we ‘think’ about mental health, and mental ill health?
   
• Diagnosis and the anti-psychiatry movement
  Who holds the power to decide what is normal in terms of psychological well-being and behaviour?
   
• Gender, culture and mental health
  How gendered cultural expectations and representations influence how we respond to mental health issues.
   
• Media representations
  The impact of film and literature on attitudes and understandings of mental health.
   
• Resilience, treatment and recovery
  Common mental health problems in the UK, treatment and management, and frameworks for enhancing well-being and resilience.

Brief description

An introduction to the wide range of disciplines in forensic investigation. Learn how crimes are investigated from the moment of reporting through to the presentation of the evidence in court. A hypothetical case study provides an over-arching framework in which to explore the critical aspects of forensic investigations. It involves not only physical and electronic evidence, but also statements from witnesses, suspects and victims which requires cross discipline collaboration of professionals.

Module content:

• Crime Scene Investigation
  How a crime scene is examined in the context of incomplete contextual information and to avoid loss or contamination of evidence and the maximising of the value of evidential material.
   
• Media Involvement
  Positive and negative effects of the media/public interest in the crime.
   
• Forensic Biology
  Examination and evidential value of body fluids, DNA, hairs and fibres.
   
• Forensic Chemistry
  Analysis for drugs, toxicological analysis, firearms, explosives, and trace evidence.
   
• Digital Sources
  Evidence from CCT, mobile phones, computer hardware, on−line behaviour.
   
• Forensic Reasoning and Practice
  An introduction to forensic problem solving, thinking styles, case assessment and interpretation.
   
• Psychology of Witnesses and Suspects
  False confessions, offender profiling, effects and avoidance of cognitive bias in forensic science through process design.

Year 3 Core Modules

You must study and pass all six core modules

Brief description

Work within a team and learn about project management concepts to create a project proposal in a professional manner. Present your work in a client pitch to a stakeholder. Project briefs are provided by industry/or research based problems. Expect to engage fully in your team role by communicating effectively with project stakeholders, contributing to the planning of the project, developing artefacts or prototypes, writing associated documentation, and creating and presenting the client pitch.

Indicative content:

• Research: Background, competitors, prior art, project benefits.
• Project: Project management concepts, Agile, Scrum.
• Activities: Activities, deliverables and products.
• Managing: Managing time and resources.
• Identifying: Identifying and managing risks.
• Quality considerations: Professional standards and quality assurance.
• Develop: Develop artefacts, prototypes.
• Interacting: Interacting with clients and team members.

Brief description

The ideas and concepts of how computers, mobile devices and gadgets communicate via a wide range of communications technologies with each other, and other devices. This includes interactions via technologies such as Ethernet, VLANS, STP, Wireless, Routing, Subnetting, IPv6, SNMP, DHCP, DNS, Firewalls and Network Management

Indicative content:

• VLANS: Describe the core concept of VLANS and trunking along with the common attacks that can be used against them.
• STP: Investigate how STP can be used to create a loop free network and how this can be exploited by an attacker.
• Static Routing: Examine how routing works and show it can be used for pivoting deeper into a network.
• Subnetting and Variable Length Subnet Masks: Classful and classless addressing. Benefits and impact on routing protocols. Design of LANs using VLSM techniques.
• Network Application protocols: Investigation into various networking protocols used at the application layer of the OSI model along with common security weaknesses.
• Firewalls: Software and hardware firewalls - their application, uses and how to counter them.
• Intrusion Detection Systems: Examine how Intrusion detection systems work and how they can be bypassed.
• Network management: Examine network management protocols (Simple Network Management Protocol SNMP) and current practice.

Brief description

Advanced techniques used by Ethical Hackers to examine the security of web applications. 

Indicative content:

• Overview of Web Application: Core Defence Mechanisms. Handling User Access, Authentication, Session Management, Access Control.
• Web Application Technologies: HTTP Protocol, Requests, Responses and Methods. Encoding schemes. Server side functionality technologies (Java, ASP, PHP).
• Injecting Code: Attacking SQL Servers, Sniffing, Brute Forcing and finding Application Configuration Files, Input validation attacks. Preventive Measures.
• Bypassing Client Side Controls: Manipulating cookies, URL parameters, ActiveX controls, Shockwave controls.
• Attacking Authentication: Attacking Session Management, Design Flaws in Authentication Mechanisms Attacking Forgotten Password Functionality, attacking Password change functions. Countermeasures to authentication attacks.
• Cross Site Scripting (XSS): Reflected XSS Vulnerabilities, Stored XSS Vulnerabilities, DOM-Based XSS Vulnerabilities, HTTP Header Injection. Countermeasures to XSS.
• Web Server Security: Popular web servers and common security threats. Attacks against IIS and Apache. Increasing web server security. Counter-measures (e.g. correct Web Application Set-up).

Brief description

Software development practices which can be used to develop applications for a range of smart and mainly mobile devices. Develop and evaluate the techniques used to implement mobile applications.

Indicative content:

• Background to Smart and Mobile Development: Challenges in developing for smart including mobile devices. Development strategies, emulators and development environments. Use of the application abstraction to allow easier development.
• User Interfaces: Development of interfaces for user-interaction including UI controls (buttons, forms) and underlying hardware controls (key presses, touch screen). Basic control of a mobile device using the high user interface. Use of commands and forms to gain data from the client. Use of low level features to display data to the user. Use of key presses to control real-time application.
• Storage: Consideration of storage requirements for mobile devices. Saving and retrieving local and remote storage. Overview of database design. Use of remote databases, and how to use server side databases in an internet application. Use of internet based scripting to generate server-side text for the client.
• Location awareness: Utilising the network location capabilities of mobile devices to develop feature rich applications.
• Telephony SMS: Understanding the telephony and SMS stack on the mobile device and the use of APIs required for their access and control.
• Communication Networks: Using short and long-distance networks for communication and understanding of the limitations and benefits of each.
• Security: Consider the security implications of mobile and smart platforms, how these can be exploited and development considerations to improve resilience.
• Performance: Methods for testing the functionality and performance of applications on mobile devices.
• Mobile Web Application Development: Explore and evaluate a range of mobile solution options from response design, Firebase-, and JavaScript-based applications.

Brief description

Complete a team based development project or other technical investigation project, which was planned and initially developed in the Professional Project Planning and Prototyping module.

Indicative content:

• Orientation: Consolidation of project teams and target problem.
• Project principles: Required development methodologies during product production.
• Documentation: The importance and content of a requirements specification and related documentation.
• Design: The role of design and redesign during project development.
• Implementation: Implementation issues and approaches.
• Quality and Standards: Testing and evaluation methods and execution.
• Communication: Oral and written communication and demonstration of software product.
• Project planning and team working: Planning the project, organising a team, supporting colleagues, devising weekly plans, keeping progress records.
• Self-evaluation: Personal contribution to team progress, logbook.

Brief description

Develop a critical understanding of analysis techniques used by Ethical Hackers to examine binary files, practising and developing these skills with an individual project.

Indicative content:

• Binary auditing tools: Binary auditing tools, Debuggers, add-ons, debugging techniques.
• Binary auditing: Binary auditing, Source code auditing. Black box auditing. Reverse engineering auditing. Copy protection auditing.
• Buffer Overflows: Significance of Buffer Overflow Vulnerability. Why Programs and Applications are Vulnerable. Reasons for Buffer Overflow Attacks. Methods of ensuring that buffer overflows are trapped.
• Shell code development: Shell code development. Creating and writing shellcode.
• Structured Exception Handling: Structured exception handling (SEH) vulnerabilities. Exploitation and countermeasures.
• Overcoming operating system countermeasures: Avoiding Data Execution Prevention (DEP). Address Space Randomisation Layout (ASLR) evasion using ROP chains.
• Heap Spray techniques: Heap Spray Techniques. Use of Heap Spraying to avoid countermeasures.
• Malware analysis: Types of malware, malware analysis methodology. Static and Dynamic analysis.

Year 4 Core Modules

You must study and pass all five core modules

Brief description

The forensic investigation of computer (e.g. TCP/IP) and the challenges facing analysts when investigating mobile devices and network traffic. Start with an understanding of the underlying communications technologies and develop a comprehensive, systematic approach to the discovery and examination of evidence from both end-user devices (e.g. phones, tablets etc.) and the networking infrastructure itself.

Indicative content:

• Mobile Phone technologies and networks: How do mobile/wireless networks work? What are the implications for their forensic investigation?
• Principles and limitations of mobile operation: GSM based networks, GPRS, 3rd/4th generation, UMTS networks, Data carrying capabilities and user access methods.
• Forensic analysis of end-user devices: Acquisition of evidence from end-user devices (e.g. phones, tablets, etc.) Phone, SIM and memory data, use of tools to extract data, SMS.
• Cellsite Analysis: Data stored within the network. Mobile trail. Location-aware devices and tracking data.
• Mobile Phone data mining: Ideas of gaining behaviour patterns for stored data. Data mining techniques.
• Network integrity: Evaluate the effects of viruses and internal and external attacks on the network. Develop strategies to prevent and detect these.
• Live incident response: Gathering and analysing volatile and non-volatile data from a system in real-time - e.g. network connections, open ports, routing tables, users, processes, services, open files.
• Intrusion detection systems: Benefits and limitations. False positives. Critical analysis of data. Tuning.
• Server side forensics: Evaluate techniques for analysing and filtering logs and data from firewalls, DNS, web caches, email.

Brief description

System programming and development and the security implications of such systems.

Indicative content:

• System Programming: C programming, compiler, linker and loader. Static and runtime analysis of binary files. System development kits, kernel headers and cross complier environments.
• Hardware: ASIC,MCU,CPU, SOC, assembly, component security, pcb security, sniffing wire traffic, radio traffic, Types of communication (I2C, SPI, UART, RS232) and security challenges.
• Operating systems: I/O Manager, Memory Manager, Scheduler, .s file, init file, boot loader, boot process, ROM, RAM, execution rings.
• Kernels: Types of kernel, real time, unix, Windows, mac, Linux, user space vs kernel space, shell, native applications, dll, registry/proc. Security landscape in user and kernel space.
• Auditing and Debugging: User and kernel space debugging, Remote kernel debug setup, Analysis of precompiled binaries.
• Loadable modules: Linker, stack and memory layout, Interrupts, IRQ table and priorities. Introduction to device drivers, Types of driver, lifecycle, portability. Security risks associated with loadable modules.
• Cloud Platforms: Setup and use of cloud platforms such as AWS. Cloud platform utilisation fundamentals and business considerations.
• Web Technologies: TCP/IP protocol with understanding of application protocols such as HTTP, FTP, SSH etc. Understand web server and common gateway interface (CGI).

Brief description

Undertake the practical and development work for a major, in-depth individual project in an aspect of your programme. Devise the idea for the project and proof of concept to support the specification of a well-researched project proposal document.in Term 1. Carry out and complete the main development work for the project in Term 2.

Indicative content:

• Investigation, Research and Selection: Initial investigation of project topic, Background research of project topic and Selection of project topic.
• Evaluating: Methods of evaluating a project.
• Legal, Social, Professional and Ethical Issues: Consideration of legal, social, ethical and professional issues.
• Proposal: Production of a project proposal.
• Project feasibility and proof of concept: Demonstrate feasibility of project.
• Self-directed problem solving, Originality and Creativity.
• Self-Motivation, Initiative and Insight.
• Software Design Skills.
• Recording, Reporting and Communication Skills.
• Employability and professional development.

Brief description

Present as a dissertation a major, in-depth individual project in an aspect of your programme. Normally you will devise the project, drawing from current industry and/or research based problem areas. Present your work in a structured and coherent manner which allows for critical and insightful review and evaluation of the project and artefact produced. Write the dissertation in academic style appropriate to your domain of study.

Indicative content:

• Introduction: Introduce the topic of the project and the problem area with and appropriate research question.
• Investigate: Investigate previous work in the chosen project area and show how the work of the project relates to it.
• Justify: Demonstrate a sound justification for the approach and methodology adopted.
• Document: Document the output of the project with some originality.
• Evaluate: Critically evaluate the output, using third party evaluation where appropriate, and recognise the strengths and limitations of the work.
• Communicate: Communicate your work professionally in the required academic format/style. Demonstrate an ability for independent learning and linkage to future work and career aspirations.

Brief description

Social and technical approaches to better security resilience in systems through consideration of methods of attack and defence.

Indicative content:

• Principles of Secure Software Development: The relationship between correctness, security and performance. Defence in depth. Input, output and state validation. Minimal privilege and privilege separation.
• Language and API Design for Security: Inherent security problems with widely-used languages, and why people still use them. Undefined behaviour and compiler optimisations. Enforcing security properties using better type systems and language semantics. DSLs for security.
• Secure Software Engineering: Security within the SDLC. Specifying security requirements. Secure coding standards. Code review for security.
• The Ingredients of Machine Learning: Overview of the different ‘aspects’ of machine learning. All machine algorithms are not created equal. Applications of machine learning for cyber-security. Review of the various types of algorithms and the mathematics behind the algorithms. Exploration of supervised and un-supervised classifications. Creation of a spam filter such as SPAM-Assassin and applications of Machine Learning to Network Forensics.
• Support Vector Machines for Cyber Security: Exploration of classification and regression analysis. Overview of the mathematics behind Support Vector Machine and the application of the SVM algorithm in the context of networking security. Introduction to non-linear classification and high-dimensional feature spaces to improve intrusion detection systems, mitigate security vulnerabilities and identify data exfiltration.
• Neural Networks for Cyber Security: Exploration of neural networks for threat analysis and malware detection. Exploration of the propagation models, weights and learning rules. The mathematics and models behind the different algorithms are explored and applied to the classification of network traffic, identify threats, computer misuse, and improve network security.
• Human-Centred Security: An introduction into the human side of security, and into how humans make security and privacy-related decisions.
• Authentication Design: How authentication mechanisms ought to be chosen with the human in mind. The differences between what you own, what you are, and what you know, and how to judge which one is best to be used in a particular context. If passwords are chosen, how password requirements ought to be defined, how these ought to be communicated to the users. Design of secure password replacement.