This course studies the programming and security of web applications. The programming languages for both client- and server-side will be introduced, with security design principles and common vulnerabilities highlighted early on. Open standards and real-world case studies will be used for illustrations. Optimization and performance issues will also be covered. This course also extends to the security threats confronting web browsers, transport layer protocols and web servers, as well as mobile and cloud computing if time permits. Each student will have the opportunity to practice by building and securing an e-commerce website, and finally assess the security of one another's website in a peer-hacking experiment.
Demonstrate understanding of the principles and techniques in the design and development of secure web applications.
Appraise how the web, from browsers to servers, can be attacked and better secured.
Raise security awareness throughout the development of web applications as well as other engineering practices.
All of the relevant class materials will be available on E-learning. Announcements will also be posted on this course web page. Please visit these online resources often and stay tuned for any announcements, supplementary discussions, clarifications and changes pertaining to the content of the course and homework assignments.
Note: The schedule is subject to change.
| Week/Day | Date | Topics to be covered |
|---|---|---|
| Week 1/Thu, Fri | Jan 14, 15 | Course Overview, Basic Concepts [Printable Version] |
| Week 2/Thu, Fri | Jan 21, 22 | User Interface Design I (HTML and CSS) [Printable Version] |
| Week 3/Thu, Fri | Jan 28, 29 | User Interface Design II (JavaScript) [Printable Version] |
| Week 4/Thu, Fri | Feb 4, 5 | Form Handling I (Client-side Implementation) [PDF Version] (updated on Feb 7; or just press Ctrl+P and select "Landscape" to print) |
| | Feb 11, 12 | [Lunar New Year Holiday] |
| Week 5/Thu, Fri | Feb 18, 19 | Form Handling II (Server-side Implementation) [Printable Version] (Non-executable sample snippet) |
| Week 6/Thu, Fri | Feb 25, 26 | Web Server and Database Server [Printable Version] |
| Week 7/Thu, Fri | Mar 4, 5 | Authentication and Authorization [Printable Version] (Mid-Term scope: up to and including the slide "Creating Authentication Token") |
| Week 8/Thu, Fri | Mar 11, 12 | Thu: Mid-Term Revision; Fri: Online Mid-Term |
| Week/Day | Date | Topics to be covered (Slides on Blackboard) |
|---|---|---|
| Week 9/Thu, Fri | Mar 18, 19 | Password Storage & Authentication; Web Security 1 - SOP |
| Week 10/Thu, Fri | Mar 25, 26 | Web Security 1 - CSRF and XSS |
| | | [Easter Holiday] |
| Week 11/Thu, Fri | Apr 8, 9 | Web Security 2 - Code Injection and Other Attacks; TLS and Web Browser Security |
| Week 12/Thu, Fri | Apr 15, 16 | TLS, Performance Optimization |
| Week 13/Thu, Fri | Apr 22, 23 | Search Engine Optimization; Penetration Testing, Wrapping Up |
Please refer to this document.