331 - Network and Web Security - 2019

Table of Contents


  • The lectures are over. Good luck with exam preparation!

netcraft.png 331 Prizes: we are thrilled to announce that Netcraft will offer an Amazon voucher worth GBP 250 to each of the top 10 performers in the 2019 exam!



  • Office hours: Thursday 5:30pm, Hux 441.
  • Please post your questions on our Piazza page!
    • Other students may benefit from your questions, or may know the answer.
    • We will do our best to answer any remaining questions quickly.
  • We will have some in-class demos. You are welcome to bring your laptop if you want to be hands-on.
  • Preliminary slides will be available on CATE the day before the lecture.
    • Revised slides may be uploaded at a later stage.
  • Suggested reading will be pointed out during the lectures and then posted on this page.
  • Timetable:
    • Mon 2pm-4pm Hux 308 (lecture)
    • Thu 2pm-3pm Hux 311 (lecture)
    • Thu 3pm-4pm Hux 219 (lab)
  • For external students: the registration link is here
  • This course is not being recorded on Panopto.


  • Assessed coursework
    • The exercise was published on 21/2 at 6pm.
    • The deadline for online submission was 6/3 at 2pm.
    • Marks and personalised feedback were provided on 6/3 at 9:30pm.
    • The 'Test' on CATE is just a placeholder for your marks, please ignore.
  • Exam
    • Answer 3 questions out of 4 in 3 hours.
    • The exam is computer-based
      • Each exam question will be roughly half written, half practical.
      • You will submit the written answers electronically via a web app.
      • For the practical part, you will perform tasks such as code review, pentesting, etc on VMs that you will find already installed on the lab desktop.




sergio.jpg Sergio Maffeis (Lecturer). Sergio is a senior lecturer in Computer Security at Imperial. He received his Ph.D. from Imperial and his MSc from University of Pisa, Italy. Maffeis' research interests include security, formal methods, and programming languages. His recent work focuses on the application of formal methods to web security. You can find out more from his home page.

ivan.jpg Ivan Procaccini (Tutorial Helper). Ivan is a Senior Teaching Fellow (Software Development) and a DOC graduate from Imperial.

athanasios.jpg Athanasios Vlontzos (Tutorial Helper). Athanasios is a Teaching Scholar and an EEE graduate from Imperial.

giulio.png Giulio Zizzo (Tutorial Helper). Giulio is a PhD student at Imperial working on intrusion detection for industrial control systems, under the supervision of Prof Hankin.

Guest Lecturers

marco.jpg Marco Cova (Guest Lecturer). Marco is a senior security researcher and a member of the founding team of Lastline, a company providing anti-malware solutions. Before defecting to industry, he was a Lecturer in Computer Security with the School of Computer Science, University of Birmingham. He has received his PhD from the University of California, Santa Barbara.

kuan.jpg Kuan Hon (Guest Lecturer). Dr W Kuan Hon (MA(Cantab), LLM(UPenn), MSc & DIC Computing Science (Imperial), LLM(QMUL), joint law/computer science PhD(QMUL)) is a Director with the Privacy, Security & Information Law team at international law firm Fieldfisher, specialising in data protection/security law particularly in the context of cloud computing and other emerging technologies. An Editor of the Encyclopedia of Data Protection and Privacy, volunteer with the UK Information Commissioner's Office and previously a member of the British Computer Society's Information Privacy Expert Panel, Kuan has been invited to present for ENISA, the Cloud Security Alliance, CERN and UK government departments as well as technology industry conferences. Kuan's book Data Localization Laws and Policy argues for a focus on security over geographic data location. She was lead author of eight chapters of Cloud Computing Law.

charlie.jpg Charlie Hothersall-Thomas (Guest Lecturer). Charlie graduated in 2014 with a BEng in Computing from Imperial College London, and currently works for Netcraft in Bath. His technical expertise includes web security, TLS and PKI, Linux system administration, Bitcoin, and Tor. He started BrowserAudit as his final year project at Imperial.