Application Security (5 cr)

Code: 3011640-3004

General information


Enrollment

01.05.2023 - 14.09.2023

Timing

04.09.2023 - 15.12.2023

Number of ECTS credits allocated

5 cr

Mode of delivery

Contact teaching

Unit

Engineering and Business

Campus

Kupittaa Campus

Teaching languages

  • Finnish
  • English

Seats

15 - 40

Teachers

  • Jani Ekqvist

Groups

  • PTIETS21swis
    PTIETS21 Software Development and Information Systems
  • ICTMODictprojSem
  • ICT_MOD_UPV_23
    ICT_MOD_UPV_23
  • 23.11.2023 08:00 - 10:00, Lab exercises, Application Security 3011640-3004
  • 30.11.2023 08:00 - 10:00, Lab exercises, Application Security 3011640-3004
  • 07.12.2023 08:00 - 10:00, Lab exercises, Application Security 3011640-3004

Objective

After completing the course the student is able to:
- Understand common application security threats, vulnerabilities, and attacks
- Evaluate the technical and business impacts of different kinds of attacks
- Describe the security principles for developing high-security web applications
- Participate in high-security web application development projects
- Use security testing tools
- Analyse and report the results from security testing
- Give justified improvement proposals to mitigate security vulnerabilities

Content

- Network discovery, port and service identification
- Vulnerability scanning and penetration testing
- Web application security threats, vulnerabilities, and attacks
- The impacts of security breaches
- Web application security principles
- Implementing a secure web application
- Web application security organizations

Materials

Online material, provided through ItsLearning.

Student workload

Lectures 12h
Self-Study with online materials 40h
Laboratory Work 40h
Project Work 40h
Project presentations and reflection 3h

Content scheduling

Period 3:
- Application security threats, vulnerabilities, and attacks
- The impacts of security breaches
- Application security principles
- Application security organizations and standards

Period 4:
- Designing and implementing a secure web application
- Building a secure continuous development and operations environment

Further information

All communication is through ItsLearning.

Evaluation scale

H-5

Assessment methods and criteria

The evaluation is based on:
- Homework assignments, 40% of grade
- Laboratory assignments, 40% of grade
- Project work, 20% of grade

Assessment criteria, fail (0)

Student has incomplete understanding of application security and is unable to design and implement a secure software development process.

Assessment criteria, satisfactory (1-2)

Student is able to design, implement or operate a secure continuous development process with supervision.
Student has knowledge of application security threats, vulnerabilities and attacks, and understands the impacts of a security breach. Student is somewhat familiar with application security organizations and standards.

Assessment criteria, good (3-4)

Student is able to design and implement a secure continuous development process with supervision and operate it competently.
Student understands application security threats, vulnerabilities and attacks, and can mitigate the impacts of a security breach. Student is familiar with application security organizations and standards, and is able to utilize them in their work.

Assessment criteria, excellent (5)

Student is able to design and implement a secure continuous development process without supervision and operate it competently.
Student has an excellent understanding of application security threats, vulnerabilities and attacks, and can mitigate the impacts of a security breach. Student is familiar with application security organizations and standards, and is able to utilize them to create effective security processes.