CMU540: Cyber Security

12-Week Cyber Security Course | OS³ Newman Cyber Security Lab | Birmingham Newman University

Course Overview

Duration: 12 weeks × 3 hours | Total Hours: 36 hours | Focus: Network Security (30%) & Web Application Security (70%)

This course uses the OS³ Newman Cyber Security Lab for practical cyber security education. It covers both network security and web application security through hands-on modules, starting with fundamentals and progressing through web security to network security.

Prerequisites

  • Basic web technologies (HTML, HTTP, TCP/IP)
  • Command line familiarity
  • Basic programming concepts
  • Client-server architecture understanding

Week 1: Cyber Security Fundamentals & Lab Setup
Introduction to security concepts, CIA triad, and OS³ Newman Cyber Security Lab configuration
30 slides • 3 hours • Lab Setup & Fundamentals

Week 2: WEB-ACCESS-01: Broken Access Control
OWASP A01 - Understanding and exploiting access control vulnerabilities
30 slides • 3 hours • Access Control Lab

Week 3: WEB-CRYPTO-01: Cryptographic Failures
OWASP A02 - Cryptographic vulnerabilities and secure implementation
28 slides • 3 hours • Crypto Lab

Week 4: WEB-SQL-01: SQL Injection
OWASP A03 - SQL injection attacks and prevention techniques
32 slides • 3 hours • SQL Injection Lab

Week 5: WEB-XSS-01: Cross-Site Scripting
OWASP A03 - XSS vulnerabilities and client-side security
30 slides • 3 hours • XSS Lab

Week 6: WEB-CSRF-01 & WEB-CONFIG-01: Insecure Design & Misconfiguration
OWASP A04 (CSRF) & A05 - Secure design principles and configuration management
35 slides • 3 hours • CSRF & Configuration Lab

Week 7: WEB-VULN-01 & WEB-AUTH-01: Vulnerable Components & Authentication
OWASP A06 & A07 - Third-party vulnerabilities and authentication failures
33 slides • 3 hours • Component & Auth Lab

Week 8: WEB-DATA-01 & WEB-LOG-01: Data Exposure & Logging
OWASP A08 & A09 - Data protection and security logging implementation
31 slides • 3 hours • Data & Logging Lab

Week 9: WEB-SSRF-01 & WEB-UPLOAD-01: SSRF & File Upload Security
OWASP A10 & File Upload - Server-side request forgery and secure file handling
29 slides • 3 hours • SSRF & Upload Lab

Week 10: Hackathon: Web Security Challenge
Intensive hands-on session applying all web security concepts learned so far
20 slides • 3 hours • Web Security Hackathon

Week 11: NET-PROTO-01, NET-SCAN-01 & NET-DNS-01: Network Security Fundamentals
Protocol security, port scanning, and DNS security analysis
38 slides • 3 hours • Network Security Lab

Week 12: NET-TRAFFIC-01, NET-FIREWALL-01 & Final Assessment
Traffic analysis, firewall configuration and comprehensive security assessment
45 slides • 3 hours • Final Lab Assessment

Assessment Overview

CMU540: Cyber Security features a comprehensive assessment structure designed to evaluate practical security skills developed through the OS³ Newman Cyber Security Lab.

Comprehensive Security Assessment (100%)

Project Type: Individual security assessment using OS³ Newman Cyber Security Lab

Scope: Web application and network security assessment

Requirements: Complete security analysis covering OWASP Top 10 and network security modules

Due: End of course (consultation with tutor required)

Project Requirements

  • Web Security Assessment: Comprehensive analysis of OWASP Top 10 vulnerabilities
  • Network Security Analysis: Network protocol security and traffic analysis
  • Lab Environment Utilization: Effective use of OS³ Newman Cyber Security Lab
  • Technical Report: Professional security assessment report with findings
  • Ethical Considerations: Legal and ethical compliance documentation
  • Practical Demonstration: Live demonstration of security assessment techniques

Learning Outcomes Assessed

  • Demonstrate understanding of cyber security fundamentals and principles
  • Apply OWASP Top 10 security controls and mitigation strategies
  • Conduct network security analysis and traffic monitoring
  • Utilize OS³ Newman Cyber Security Lab for practical security assessment
  • Implement secure coding practices and security configurations
  • Perform comprehensive security assessments and vulnerability analysis

Module Quizzes

Test your knowledge with interactive quizzes for each session. Each quiz contains questions based on the lecture content and practical exercises.

Quiz 1: Cyber Security Fundamentals & Lab Setup

Test your understanding of fundamental security concepts and OS³ Newman Cyber Security Lab setup.

Questions: 15 | Time: 20 minutes

Quiz 2: WEB-ACCESS-01 - Broken Access Control

Assess your knowledge of OWASP A01 access control vulnerabilities.

Questions: 15 | Time: 20 minutes

Quiz 3: WEB-CRYPTO-01 - Cryptographic Failures

Evaluate your understanding of OWASP A02 cryptographic vulnerabilities.

Questions: 15 | Time: 20 minutes

Quiz 4: WEB-SQL-01 - SQL Injection

Test your knowledge of OWASP A03 SQL injection attacks.

Questions: 15 | Time: 20 minutes

Quiz 5: WEB-XSS-01 - Cross-Site Scripting

Assess your understanding of OWASP A03 XSS vulnerabilities.

Questions: 15 | Time: 20 minutes

Quiz 6: WEB-CSRF-01 & WEB-CONFIG-01 - Insecure Design & Misconfiguration

Test your knowledge of OWASP A04 (CSRF) and A05 security misconfigurations.

Questions: 15 | Time: 20 minutes

Quiz 7: WEB-VULN-01 & WEB-AUTH-01 - Vulnerable Components & Authentication

Evaluate your understanding of OWASP A06 and A07 vulnerabilities.

Questions: 15 | Time: 20 minutes

Quiz 8: WEB-DATA-01 & WEB-LOG-01 - Data Exposure & Logging

Test your knowledge of OWASP A08 and A09 data protection and logging.

Questions: 15 | Time: 20 minutes

Quiz 9: WEB-SSRF-01 & WEB-UPLOAD-01 - SSRF & File Upload Security

Assess your understanding of OWASP A10 SSRF and file upload vulnerabilities.

Questions: 15 | Time: 20 minutes

Quiz 10: Hackathon - Web Security Challenge

Practical assessment applying all web security concepts learned in weeks 2-9.

Questions: 20 | Time: 30 minutes

Quiz 11: NET-PROTO-01, NET-SCAN-01 & NET-DNS-01 - Network Security Fundamentals

Test your knowledge of protocol security, port scanning, and DNS security.

Questions: 18 | Time: 25 minutes

Quiz 12: NET-TRAFFIC-01, NET-FIREWALL-01 & Final Assessment

Comprehensive assessment covering traffic analysis, firewall configuration and integrated security.

Questions: 25 | Time: 35 minutes

Further Reading & Resources

Explore additional resources to deepen your understanding of cyber security. These carefully selected materials include official documentation, educational videos, and academic articles.

Security Standards

OWASP Top 10 – Web Application Security Risks

Comprehensive guide to the most critical web application security risks and mitigation strategies. Essential resource for understanding modern web security threats.

Government Standards

NIST SP 800-57 Part 1 – Recommendation for Key Management

Official NIST guidelines for cryptographic key management and security standards. Essential reference for understanding cryptographic security practices.

Cryptographic Principles

Kerckhoffs's Principle – Foundations of Cryptographic Design

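Fundamental principle of cryptographic security design: a system should remain secure even when everything about it except the key is public. Explains the basis for modern cryptographic systems and why they do not rely on security through obscurity.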

Source: Wikipedia

Research Review

Cyber Risk and Cybersecurity: A Systematic Review of Data Availability

Comprehensive academic review examining cyber risk assessment methodologies and data availability challenges in cybersecurity research.

Hardware Security

Modern Hardware Security: Attacks and Countermeasures

Research paper covering modern hardware security threats, side-channel attacks, and defensive strategies for hardware systems.

Source: arXiv

Emerging Threats

The New Frontier of Cybersecurity: Emerging Threats and Innovations

Analysis of cutting-edge cybersecurity threats and innovative defensive technologies shaping the future of digital security.

Source: arXiv

AI in Cybersecurity

Artificial Intelligence for Cybersecurity: Threats, Attacks and Mitigation

Comprehensive study of AI applications in cybersecurity, including AI-powered attacks and defensive AI systems.

Source: arXiv

Security Convergence

Security Convergence – Cyber-Physical Risk Integration

Understanding the integration of cybersecurity with physical security systems and the convergence of security domains.

Source: Wikipedia

UK Security Report

Why Cybersecurity Must Be Secure by Design (UK Report)

UK-focused report on secure-by-design principles and the importance of building security into systems from the ground up.

Hands-On Learning

TryHackMe – Hands-On Cybersecurity Labs

Interactive cybersecurity learning platform with practical labs, challenges, and real-world security scenarios for hands-on experience.


Additional Resources

  • Security Tools: Wireshark, Metasploit, Nmap, Burp Suite
  • Learning Platforms: TryHackMe, HackTheBox, VulnHub
  • Security Frameworks: NIST, ISO 27001, CIS Controls
  • Certifications: CompTIA Security+, CEH, CISSP
  • Security News: KrebsOnSecurity, The Hacker News, Dark Reading
  • Practice Labs: DVWA, WebGoat, OWASP Juice Shop