Application security


This module analyses the role of security from the perspective of business application design.

The aim is to learn the fundamental processes that need to be incorporated into the application development lifecycle, and thus how to integrate security as a core component of an application architecture. This module uses case studies to support the learning of these fundamental application security design skills, and to understand what decisions need to be made both to meet business requirements and to mitigate information security risks.


IYM001 Security Management, IYM002 Introduction to Cryptography and IYM003 Network Security

Topics covered

  • Application development
  • Application security technology
  • Payment security
  • Secure electronic commerce

Learning outcomes

If you complete the module successfully, you should be able to:

  • recognise a variety of security issues that arise in applications.
  • review how the various security issues in a particular application relate to one another.
  • understand how and why businesses address specific security concerns in their applications.
  • appreciate various aspects of integrating security into the application development lifecycle.
  • analyse how security aims are met in a particular application.
  • evaluate the effectiveness of security mechanisms in the technical and business context of the case studies.


This module is assessed by a two-hour unseen written examination.

Essential reading

  • Principles of Information Security (Whitman and Mattord)
  • Threat Modelling: Designing for Security (Adam Shostack, Wiley, 2014)