The University of Southampton

COMP6230 Network and Web Based Security

Module Overview

The module complements the Foundations of Cyber Security module for Cyber Security MSc students by providing a practical grounding in cyber security practices in larger-scale networks, distributed systems and web applications. The module is also offered to select other MSc programmes.

The aims at a high level are to:
- Investigate security issues around web-based and networked systems
- Review a variety of security frameworks, standards and best practices, and understand how to apply these to exemplar scenarios
- Consider the implications of passive monitoring for communication software systems
- Provide examples of posture assessment, network penetration testing and exploring system vulnerabilities

Aims and Objectives

Learning Outcomes

Knowledge and Understanding

Having successfully completed this module, you will be able to demonstrate knowledge and understanding of:

  • Cyber security frameworks, standards and best practices, and how to apply these within an organisation
  • The core technical elements of security systems
  • The current trends in cyber security; threats, their importance, and why they are hard to face

Subject Specific Intellectual and Research Skills

Having successfully completed this module you will be able to:

  • Recognise and discuss examples of cyber security vulnerabilities

Transferable and Generic Skills

Having successfully completed this module you will be able to:

  • Communicate effectively on a broad range of issues with security professionals

Subject Specific Practical Skills

Having successfully completed this module you will be able to:

  • Perform a security assessment for an organisation as part of a team
  • Use examples of security penetration testing tools


Posture assessment
- Penetration testing
- Web-based systems; OWASP
- Vulnerabilities and exploitation
- Security of database applications
- Injection attacks, cross-site scripting
- Server configuration

Network security
- Network security monitoring (NSM) systems
- Case study: the Domain Name System
- Intrusion detection and prevention
- Denial of service attacks, detection and mitigation
- Implications of pervasive passive monitoring for communicating systems

Cloud-based security
- Virtualisation - hypervisor security and data protection
- Cloud services – vulnerabilities and protection
- Secure designs for cloud architecture
- Standards, governance and compliance for cloud based infrastructures

Learning and Teaching

Teaching and learning methods

Lecture - 36 hours per semester
Seminar - 8 hours per semester

Follow-up work                        9
Wider reading or practice             20
Specialist Laboratory                 12
Preparation for scheduled sessions    9
Completion of assessment task         54
Total study time                      150

Resources & Reading list

Pfleeger, C.P. and Pfleeger, S.L. (2006). Security in Computing.

Kennedy, D. et al. (2011). Metasploit: The Penetration Tester's Guide.

Stoll, C. (2005). The Cuckoo's Egg.

Anderson, R. (2008). Security Engineering.



Method                   Percentage contribution
Continuous Assessment    50%
Final Assessment         50%


Method      Percentage contribution
Set Task    100%


Method      Percentage contribution
Set Task    100%

Repeat Information

Repeat type: Internal & External
