Faculty Syllabus
CSIS-3385 Database and Web Vulnerability and Security
Jon-Mikel Pearson
Credit Fall 2026
Section(s)
CSIS-3385-001 (37898)
LEC DIL ONL DIL
LAB DIL ONL DIL
Readings
Approved Course Texts/Readings
Internet Security and Web Applications, Third Edition by Mike Harwood and Ron Price, Jones & Bartlett Publishing, ISBN: 9781284267952
Note: This electronic book comes with built-in virtual (electronic) labs, referred to as eLabs on the schedule. You must purchase the book from the bookstore or another source.
The Web Application Hacker's Handbook, 2nd Edition by Dafydd Stuttard and Marcus Pinto, available for FREE through O’Reilly books for Higher Education.
Note: This is referred to as WAHH on the schedule.
Course Requirements
Instructional Methodology
This course is built around a competency-based structure, meaning you must demonstrate mastery in one area before moving on to the next. Think of it as building a strong foundation. Each level prepares you for the one that follows.
Orientation and Forced Sequence
- You must complete the Orientation assessment with a perfect score (100%). Until that is done, Competency 2 remains locked.
- Each competency (starting with #1) ends with a project. You must submit the project to unlock the next competency.
- The Capstone becomes available after Orientation. Review it early and plan ahead. No late submissions.
- To “complete” each section, use the button or checkbox in the LMS to mark the section complete.
About Assessment Attempts
You have one attempt for all Assessments and Checkpoints (mini-quizzes). Study carefully.
Pace and Deadlines
You may work ahead, but competency deadlines are firm. Once a due date passes, you will not be able to go back and submit. Manage your time and stay on schedule.
Project Submissions and Policies
- Each competency includes a project. Look for the “PROJECT #X – Submission” link.
- There is usually an instructions link for each project. Read carefully.
- Late submissions: 10% deduction for each calendar day late. Nothing accepted after day 3.
- Incorrect file format: 20% deduction automatically. Follow deliverables exactly.
- Always cite your sources, including AI tools like ChatGPT, unless otherwise specified.
📅 Due Dates & Deadlines
All due dates are listed in Blackboard Ultra and linked to the calendar tool. You are responsible for checking the calendar regularly and keeping on schedule.
This course is flexible in pace, but that flexibility requires excellent time management. You can work ahead, but not behind.
Grade Policy
Grades are based on both concepts and practical applications, including assessments, activities, and programming assignments.
Assessments
Each competency includes an assessment. All exams are open book and must be completed by the due date. Exam links are removed at 11:59 PM Central Time on the due date.
There are no makeup exams and no extra credit. Missed exams receive a grade of zero (0).
Grading Scale
| Letter | Percentage Range |
|---|---|
| A | 90.00% to 100% |
| B | 80.00% to 89.99% |
| C | 70.00% to 79.99% |
| D | 60.00% to 69.99% |
| F | Below 60% |
This course is designed so that doing the bare minimum earns a C at best. For a B or higher, meet the upper end of the requirements and, where possible, exceed them. Example: if instructions require 1–3 pages, one page starts you near a C, 2–3 pages supports a B, and 3+ pages can support an A, depending on grammar, formatting, citations, and rubric requirements.
READ the rubrics
Course Requirements
Time Commitment
This is a junior-level college class. Expect to spend 10–12+ hours per week on reading, labs, projects, and assignments. Do not wait until the last minute.
Reading Assignments
Assigned readings and supplemental materials are essential. Students who struggle often mark sections complete without actually reading the materials. Skipping walkthroughs often leads to poor project performance.
Tutorials
Some topics include tutorials to reinforce understanding. These may be included in assessments.
Discussions
Participation in class discussions may count as your attendance score if this is an online-only section.
Attendance and Participation
If the college closes due to emergencies, students must communicate with the instructor and complete assigned work. Online courses may continue during closures.
Course Schedule
Schedule changes may occur and will be posted on Blackboard and emailed. Students are responsible for checking announcements and email regularly.
Programming Assignments
All assignments must be completed independently and submitted through Blackboard by the due date as described in instructions and deliverables. Submissions close four days after the due date. Late work receives a 10% deduction per day.
Withdrawal Policy
Students are responsible for officially withdrawing if they decide to leave the course. Check the academic calendar for deadlines and keep a copy of your withdrawal confirmation. The instructor may also withdraw students at their discretion.
Course Subjects
🐉 COMPETENCY 1 - START HERE: YOUR QUEST INTO AI AND SECURITY TOOLS
Understanding ethical and legal AI use is essential, as technology decisions create real-world consequences. Students learn the risks of bias, misinformation, and privacy violations, while responsible practices foster compliance, trust, and workplace readiness. They examine how version control and containerization affect cybersecurity, using Git and GitHub for secure collaboration, history tracking, and rollback, and Docker for consistent environments, streamlined deployment, and unique security challenges. Tied directly to penetration testing, these tools reveal both misconfigurations and defenses. Coding is reinforced as a core skill, enabling automation, tool adaptation, and exploit analysis for effective cybersecurity practice.
💙 COMPETENCY 2 - SERVERS: THE HEART OF THE DIGITAL KINGDOM
Students learn how clients and servers interact through requests, responses, and routing. They explore what clients are, their types, and how they connect with servers like web, database, and application servers. The request–response cycle is examined step by step, from DNS lookup to server replies, highlighting security concerns. Students study routing’s role in access control and security, then explore MVC patterns in Node.js, Django, and Spring Boot. APIs and JSON are introduced as the glue between systems, along with URL encoding for safe data transmission. The module concludes with a CRUD-based challenge, applying theory to practice.
🌉 COMPETENCY 3 - CLIENTS TO DATABASES: BRIDGES OF THE WEB
Students will build skills to evaluate, design, and secure modern web apps through readings and hands-on exercises. Core content covers HTML, forms, CSS, JavaScript, and the DOM, with a guided walkthrough analyzing form security issues. Topics include HTML5 validation, cookies, sessions, and the importance of client- and server-side validation. Practical work ties to frameworks showing how routing, payloads, and code structure expose vulnerabilities. Students learn secure coding, input validation, output encoding, and prepared statements to defend against SQL injection and XSS. Additional focus includes cookies, HTTP headers, HTTPS, vulnerability assessments, database hardening, authentication, API security, and user training.
COMPETENCY 4 - FORGING THE FUTURE: FROM SOHO STRONGHOLDS TO EMERGING POWERS
Students will explore how encryption, authentication, and secure coding practices safeguard mobile and SOHO environments from cyber threats. They will identify risks tied to mobile communications, IoT devices, and public Wi-Fi, and apply layered defense strategies to secure cloud services, apps, and endpoints. The course emphasizes evaluating incident response planning, security assessments, and compliance frameworks to maintain resilience. Finally, students will recognize the importance of user training and awareness in reducing human error and building a stronger cybersecurity culture in small office and home office settings.
CAPSTONE - MONSTER BOUNTY: THE GREAT HUNT
Students will step into the role of real-world security consultants. The Monster Bounty project brings together everything students have practiced—building, testing, and attacking web applications—so they can demonstrate both technical skills and professional communication. Students will analyze vulnerabilities through hands-on testing, document clear evidence, and evaluate the risks those flaws pose to ACME Insights. From there, they will recommend solutions that developers and executives can act on. Finally, students will compose a professional vulnerability assessment report, showing that they not only understand how to find issues but also why they matter and how to fix them. This project proves their readiness for industry work.
Student Learning Outcomes/Learning Objectives
Course Description
This course introduces students to a broad range of web and database vulnerabilities and security issues using methodologies evolved from OWASP and other sources. Students will learn how to defend against attacks and mitigate risks, including applying principles to e-commerce web applications and mobile devices.
We will discuss the full software development lifecycle including security when moving through requirements, analysis, design, coding, testing, deployment, operations, and long-term maintenance. You will work with modern tools and platforms used in industry.
Students should already be comfortable with programming logic, control structures, and breaking problems into clear steps. This level of preparation is expected from day one and throughout the semester.
This course also examines database vulnerabilities from a platform perspective, focusing on collecting, maintaining, and disseminating information about discovered vulnerabilities that target real computer systems. Such a database may describe the identified vulnerability, assess its potential impact, and document workarounds to deter attacks.
This course also assesses a wide range of web vulnerability types, including Cross-Site Scripting (XSS), SQL injection, Cross-Site Request Forgery (CSRF), and insufficient transport layer protection. It also explores how data is transported from client to server to database through basic full-stack development programming and database construction and design.
Course Objectives / Learning Outcomes
- Examine basic database and web application security models
- Apply database and web application security standards
- Recommend cryptographic requirements as they pertain to database and web applications
- Evaluate mobile platform attack vectors
- Assess insider threats and malware
- Develop plans for mitigating risks
- Perform web application vulnerability assessments
- Prepare reports based on web vulnerability analyses and recommendations
- Design applications using JavaScript, Python, and SQL-related databases
- Analyze web application code and database queries for potential vulnerabilities
Generative AI (GAI) Use Policy
Introduction
In this course, Generative AI (GAI) tools—such as ChatGPT, Copilot, Bard, and similar platforms—can be powerful aids for learning and creativity. I support their responsible, transparent, and ethical use when it enhances understanding and does not replace your own critical thinking or original work. In fact, you will have AI assignments which must be completed before starting other course work.
Used correctly, these tools can help you explore ideas, understand terminology, and see multiple approaches to solving a problem. Used incorrectly, they can hide gaps in understanding and produce work that looks correct but is not. This policy sets clear expectations so you can use these tools in ways that strengthen your skills and protect academic integrity.
Rationale
Today, being able to use AI is a must. Even in non-programming roles, understanding and using AI is becoming unavoidable and will eventually be required in every job. But to use it correctly, you need to understand what it can do and how easily it can be used to break things. Imagine GAI as a 6-foot chainsaw that everyone now has. But do you need a 6-foot chainsaw for everything? Use it responsibly.
In technical fields, AI can speed up learning, but it can also amplify mistakes. AI can generate insecure code, misleading explanations, and incorrect citations with high confidence. Learning to verify outputs, recognize limitations, and document your process is part of professional readiness. This course treats AI literacy as a real-world skill that must be practiced with discipline and good judgment.
Definition
For this course, GAI refers to any technology that can generate text, code, images, audio, or other media in response to prompts, including—but not limited to—OpenAI ChatGPT, Google Gemini, GitHub Copilot, DALL·E, and similar AI-driven content creation tools. If you must tell the system what to do, chances are it is AI and falls under this category. Applications like Grammarly and Zotero are great for typos, grammar, and citations, BUT they do not always work! Please double-check your citation submissions!
This definition includes tools embedded inside editors, browsers, learning platforms, and search engines when they produce generated output rather than simply retrieving sources. If a tool is “suggesting” full sentences, paragraphs, solutions, or code blocks based on prompts or context, it is included. When in doubt, treat the tool as GAI and disclose its use so there is no confusion later.
Resources
- Review the tool’s terms of service and privacy settings.
- Cross-check AI-generated content with authoritative sources.
- Use AI output only as a starting point, not as a final submission, unless noted in assignments and assessments.
- Apply proper citations when AI output informs your work.
For technical topics, “authoritative sources” means official documentation, standards, reputable textbooks, and instructor-provided materials. If AI provides a claim, you should be able to verify it independently. Keep brief notes about what you asked, what you received, what you accepted or rejected, and why. This habit strengthens learning and makes disclosure easy.
Assessment
Unless otherwise noted, all assignments must reflect your own comprehension and skills. AI assistance must be disclosed as a formal APA 7 citation when used. See the Resources link for how to use APA 7 properly.
Disclosure is required whether AI helped you generate content, refine wording, produce code, summarize sources, or brainstorm approaches. If AI influenced your final submission in any meaningful way, cite it. Your grade depends on demonstrating your understanding, so you should be prepared to explain and defend your choices, your code, and your reasoning without relying on the tool during grading.
Penalties
Failure to follow this policy—including failure to disclose AI use—will be treated as a violation of the college’s academic integrity policy. Penalties may include a zero for the assignment, additional work, or escalation to the Academic Integrity Committee.
This includes submitting AI-generated work as if it were entirely your own, using AI during restricted activities, or presenting generated output that you do not understand. Penalties may also apply when citations are missing, misleading, or intentionally vague. If you are unsure whether your use requires disclosure, disclose it. Transparency protects you.
Exceptions
Specific assignments may prohibit AI use entirely (e.g., in-class exams) or require it (e.g., AI prompt engineering exercises). Such exceptions will be clearly stated in the assignment instructions.
When AI is prohibited, you must complete the work without AI assistance, including drafting, rewriting, or “checking” your work with a tool. When AI is required, you must follow the stated workflow, including documenting prompts and outputs, and meeting any citation or submission rules. If instructions conflict, the assignment instructions take precedence.
Usage Permissions
Please closely read requirements for all assignments and submissions as they differ from one to the next.
Some tasks will allow AI for brainstorming but not for final wording. Other tasks may allow AI-generated starter code but require you to modify, test, and explain it. In all cases, you are responsible for the final product you submit, including correctness, security, and clarity. If an assignment requires disclosure details, follow that format exactly.
Office Hours
Published: 05/01/2026 10:14:32