Use the Tab and Up, Down arrow keys to select menu items.
This course provides students with skills to design and implement secure application programs, which are not vulnerable to malicious attacks.
2021 Covid-19 Update: Please refer to the course page on AKO | Learn for all information about your course, including lectures, labs, tutorials and assessments.This course provides students with skills to design and implement secure application programs, which are not vulnerable to malicious attacks. In an increasingly connected world, Cybersecurity is one of the biggest risks companies face. One does not have to look far to read the persistent warnings issued by governments and media alike. Many companies today depend on IT to run critical business functions, and your security system is no different.A cyber breach in your security system can damage your business's reputation, disrupt operations, expose personal data, open doors, or provide access to other building systems. This course provides students with the skills to design and implement secure software, at all levels in a system which is not vulnerable to cybersecurity attacks. By the end of the course, students should be familiar with why security is important, what types of vulnerabilities can be present in software, how they can be exploited, how to configure and test the software configurations in IT systems and how to develop and/or implement software that is sufficiently secure. The course involves significant practical work involving a range of proprietary and open source Cybersecurity tests systems.
Students who successfully complete this course will be able to:Learn how to configure systems and both proprietary and open source equipment such that attacks can be prevented.Understand how to design X.509 digital certificate systems in order to secure web sites working with https/sslUnderstand vulnerabilities in software such as Heartbleed, Wannacry, Denial of Service Attacks, MSVenon, Eternalblue, and other widespread malware in the wild today and how they can be prevented.Learn how to write and test application programs which protect against vulnerabilities such as cross-site scripting, cross-site request forgery, injection attacks etc.Configure a backend AD Server which can be used to deploy secure desktopsUnderstand how Metasploit is used to provide a testing infrastructure and framework. Use this to demonstrate attacks on servers and mobile systems.Build a 2FA crypto frontend onto Windows or Linux machines in order to provide multifactor authenticationDesign a physical access security system which back-ends to the AD and uses smartcard accessDevelop and test systems which carry out penetration testing and intrusion analysisSetup and test a secure commercial wireless system and test some of the vulnerabilities to be found in Android and Bluetooth systemsLearn how forensics operations are performed on voice and video systems as used by Police and Intelligence agencies.
Subject to approval of the Head of Department.
Students must attend one activity from each section.
Teaching Notes:Weeks 1-2: Ray Hunt (Room 247)Weeks 3-6: Richard Pascoe (Room 247)Weeks 7-12: Ray Hunt (Room 247)
and Richard Pascoe
2021 Covid-19 Update: Please refer to the course page on AKO | Learn for all information about your course, including lectures, labs, tutorials and assessments.The final exam will be used to evaluate a student’s overall understanding of the theoretical and technical aspects discussed in the course.An important component of this course is to gain skills in the testing and evaluation of software cybersecurity systems. Thus a set of labs will be run which are outlined below. These practical lab sessions will mainly be written up during the lab sessions and handed in every two weeks.Weeks 1-2:Practical Software Security Policy Implementation and Testing: Software Security packet filters and proxy configuration, Public Key Infrastructure and Digital Certificate creation and implementation on a serverPenetration Testing and Intrusion Detection: SSL Data Leakage - Heartbleed, SSL Interception - Man-In-The-Middle Vulnerabilities, Penetration Testing using Zenmap, Nessus and Snorby G Intrusion Detection.These labs addresses the implementation and design of secure software infrastructure and develops a good knowledge of firewall security policy implementation and testing thus aiming to avoid cybersecurity disasters. Further they provide experience and expertise with industry Penetration Testing and Intrusion Detection systems and tools as used in practice in addressing issues in the software cybersecurity world.Weeks 3-6:Lectures and labs will be an introduction to the general topic of secure software as applied to application programs. Concepts associated with secure software will be presented and discussed in lectures while practical skills will be developed in labs as students implement examples of these concepts.Topics will include: Cross-Site Scripting (XSS), Cross Site Request Forgery (CSRF), Injection Flaws – XML, JSON, Numeric, String, Command etc.Weeks 7-8:Identity and Access Management Software for Cloud Services: Active Directory, RSA multifactor authentication using hardware, software and mobile phone devices, smartcard identity, Gallagher cloud service security.These labs develop the tools necessary for linking many of these devices and systems together and for providing multifactor authentication as well as providing for implementation and testing.Weeks 9-10:Authentication and Authorisation: SSO (Single Sign On) using Shibboleth/Federation Services Authentication. This will operate with an IdP (Identity Provider) and two SPs (Service Providers) and will demonstrate the operation of OpenID and the new OAuth 2 Authorisation Framework thus demonstrating new approaches to authentication and authorisation.Weeks 11-12:Application Forensics: TCP/IP, VoIP (Voice over IP) and Video – attacks, exploits and software forensic analysis, Analysing voice, image and video traffic with Wireshark. This lab is for those who intend to work in police forensics and security intelligence services and must address and understand cybersecurity attacks on software systems..
Information will be given in lectures on appropriate background reading material for each stage of this course.
Library portalLearn Page
The Computer Science department's grading policy states that in order to pass a course you must meet two requirements:1. You must achieve an average grade of at least 50% over all assessment items.2. You must achieve an average mark of at least 45% on invigilated assessment items.If you satisfy both these criteria, your grade will be determined by the following University- wide scale for converting marks to grades: an average mark of 50% is sufficient for a C- grade, an average mark of 55% earns a C grade, 60% earns a B- grade and so forth. However if you do not satisfy both the passing criteria you will be given either a D or E grade depending on marks. Marks are sometimes scaled to achieve consistency between courses from year to year.Students may apply for special consideration if their performance in an assessment is affected by extenuating circumstances beyond their control.Applications for special consideration should be submitted via the Examinations Office website within five days of the assessment. Where an extension may be granted for an assessment, this will be decided by direct application to the Department and an application to the Examinations Office may not be required. Special consideration is not available for items worth less than 10% of the course.Students prevented by extenuating circumstances from completing the course after the final date for withdrawing, may apply for special consideration for late discontinuation of the course. Applications must be submitted to the Examinations Office within five days of the end of the main examination period for the semester.
Week 1: Software Security Architecture, Policy Implementation and TestingWeek 2: Penetration Testing and Intrusion DetectionWeeks 3-6: Introduction to the general topic of secure software as applied to application programs. This will include Cross-Site Scripting (XSS), Cross Site Request Forgery (CSRF), Injection Flaws – XML, JSON, Numeric, String, Command etc.Semester BreakWeek 7: Identity and Access Management Software for Cloud ServicesWeek 8: Common Software Security Failures – Denial of Service Attacks etcWeek 9: Enterprise Software SecurityWeek 10: Application ForensicsWeek 11: Software Security in Wireless/Mobile and IoT SystemsWeek 12: Recap and review
Domestic fee $1,033.00
International Postgraduate fees
* All fees are inclusive of NZ GST or any equivalent overseas tax, and do not include any programme level discount or additional course-related expenses.
For further information see
Computer Science and Software Engineering.