Web Trust and Security Project
The Big Idea
Within Web Science in general, and in Web Trust and Security in particular, the initiation, definition, development, planning, execution, and evaluation of projects are essential for professional work. In many well-established areas of software development, models such as the waterfall model or the V-model represent the classical (sometimes outdated) approach. In contrast, projects in the context of Web Trust and Security are typically characterized by an iterative and more agile approach, as implemented by Scrum, and take multiple perspectives into account.
Based on this approach to performing projects, special aspects of the other courses of this module will be deepened. The project work is done in groups, each group working on a different topic and consisting of presumably two to five students, depending on the number of participants. Due to the setup of the master programme, the students work from home. As a consequence, the work shall be organized using web tools.
The project's main focus is to apply, by way of example, the methods from the courses Web Security, Web Trust and Risk Management to achieve appropriate results in these parts of the project.
Intended Learning Outcomes
As a result of the course, participating students will become acquainted with the development of web projects with a focus on web trust and security. In particular, they should be able to …
Structure of the Course
The course is structured into three phases.
Students develop and design case studies as projects in groups of up to five members. The objectives of the projects will be defined by the students themselves. For remote teamwork, students agree upon a collaboration infrastructure based on current Web 2.0 collaboration tools.
The case studies focus on Web-based systems and their relevant Trust, Security and Risk Management aspects. The main activity is to conclusively derive security and trust measures from the overall goals of the project. In particular, this also comprises security and trust goals. Nevertheless, security and trust goals also derive from the overall project goals (e.g. business goals). Students apply the methods introduced in the other courses of this module. In particular, this includes the method of risk analysis introduced in the Web Security course.
Phase One: Group building and project idea
The students form groups of up to five members. They hold a brainstorming session to develop an idea for a web-based system to be designed and defined. The groups will develop an Exposé for their project idea, based on detailed research on their topic. In particular, the Exposé contains a Mission Statement as a foundation for all following steps.
Phase Two: Concept
The groups develop a Basic Project Concept, containing:
The latter two points are the central results, form the principal part of the concept and need to be elaborated extensively according to the methods presented in the Web Security course. The other parts mentioned above are elaborated just briefly. To practice the concepts presented in the Web Trust course and/or the Risk Management course the students also elaborate in a well-detailed manner
depending on the courses the group members enrolled in.
The groups continue to refine their solutions. Preferable results might be
Phase Three: Result presentation and discussion
In the third phase, the essence of the project shall be presented on a set of slides representing the key contents of the project as outlined in the phases above. Additionally, students reflect on their findings during execution of the project. The structure and guidelines for slide presentations are the result of the students' research on this topic. The resource for these guidelines is explicitly given before the presentation.
Didactic Concept, Schedule and Assignments
The course concept comprises online workshops, online discussions, milestone meetings and audits. In addition, there is an introductory and a final on-site session.
Introductory lesson on site
Kick-Off: After a short review of the relevant course details, specific projects concerning current topics in web trust and security will be presented. As a result of this introductory workshop, the students will form groups and subsequently choose a project and, with it, a relevant perspective. As additional preparation for the introductory lesson, the references given should be read.
Online sessions for the commitment on the project concepts
The online sessions are used by students to present their intermediate results for the phases mentioned above. For each group, at least one intermediate presentation covering Phase One or Phase Two is mandatory. For each phase, corresponding documents are uploaded to the course page as deliverables to be graded. Furthermore, time slots for individual advice from the lecturer can be booked by each group. Points for discussion might be the explanation of milestones, clarifications and so on. The subsequent execution of the projects depends on the individual project plans. Each group will have to define two milestones, at which online status meetings are held with the relevant course lecturer. The students report their progress relative to the milestone definition. The results of each phase are documented in written form and serve as a basis for grading. It is the students' task to move the project forward and to generate progress. It is also the students' task to identify necessary information and to request and obtain that information during the consultation times of the online sessions. After the last online session, each group selects another group whose results are subject to a peer review. The allocation of the peer review groups follows the principle known from the Web Security course.
Wrap-up session on site
The projects are finalized at the on-site meeting, where the project groups present their work and discuss it with the course lecturer and the perspective lecturers. The session is held as a plenary session, and its purpose is to motivate all participants to contribute their views to the projects as well. The peer reviews follow each group's presentation.
Rating of the work performed
The project plan (concept and schedule) and its further development, the presentation document, the presentation during the on-site wrap-up session, the contribution via peer review and the participation in the discussion serve as the basis for the grade.
Criteria for grading
 ANDREWS, Mike; WHITTAKER, James A.: How to Break Web Software: Functional and Security Testing of Web Applications and Web Services. Addison-Wesley Longman, Amsterdam 2006
 BROGAN, Chris; SMITH, Julien: Trust Agents – Using the Web to build Influence, improve Reputation, and earn Trust. John Wiley & Sons Inc., Hoboken, New Jersey 2010
 HADNAGY, Christopher: The Art of Human Hacking. Wiley Publishing Inc., Crosspoint Boulevard, Indianapolis 2011
 MICROSOFT CORPORATION: When to trust a website. http://windows.microsoft.com/en-us/windows-vista/When-to-trust-a-website (Retrieved 30/05/2012)
 O’HARA, Kieron; HALL, Wendy: Web Science. http://eprints.soton.ac.uk/265682/1/OHara-Hall-ALT-N-Web-Science.pdf (Retrieved 09/10/2017)
 SCHNEIER, Bruce: Liars and Outliers – Enabling Trust in a Society that needs to thrive. John Wiley & Sons Inc., Crosspoint Boulevard, Indianapolis 2012
 SCHNEIER, Bruce: Secrets & Lies – Digital Security in a Networked World. Wiley Publishing Inc., Indianapolis, Indiana 2004