IERG4210 Web Programming and Security (Spring 2021)

(Piazza)

Instructor:

Lecture Time:


Tutors:

Tutorial Time:


Course Description

Course Objectives

This course studies the programming and security of web applications. The programming languages for both client- and server-side will be introduced, with security design principles and common vulnerabilities highlighted early on. Open standards and real-world case studies will be used for illustrations. Optimization and performance issues will also be covered. This course also extends to the security threats confronting web browsers, transport layer protocols and web servers, as well as mobile and cloud computing if time permits. Each student will have the opportunity to practice by building and securing an e-commerce website, and finally assess the security of one another's website in a peer-hacking experiment.

Learning Outcomes

Online Course Material

Topics to be covered (subject to change)


Tentative teaching schedule:

Note: The schedule is subject to change.

Part I Web Programming

Week/Day          Date        Topics to be covered
Week 1/Thu, Fri   Jan 14, 15  Course Overview, Basic Concepts [Printable Version]
Week 2/Thu, Fri   Jan 21, 22  User Interface Design I (HTML and CSS) [Printable Version]
Week 3/Thu, Fri   Jan 28, 29  User Interface Design II (JavaScript) [Printable Version]
Week 4/Thu, Fri   Feb 4, 5    Form Handling I (Client-side Implementation) [PDF Version] (updated on Feb 7; or just press Ctrl+P and select "Landscape" to print)
                  Feb 11, 12  [Lunar New Year Holiday]
Week 5/Thu, Fri   Feb 18, 19  Form Handling II (Server-side Implementation) [Printable Version] (Non-executable sample snippet)
Week 6/Thu, Fri   Feb 25, 26  Web Server and Database Server [Printable Version]
Week 7/Thu, Fri   Mar 4, 5    Authentication and Authorization [Printable Version] (Mid-Term Scope up to and including the slide "Creating Authentication Token")
Week 8/Thu, Fri   Mar 11, 12  Thu: topic t.b.a.; Fri: Online Mid-Term

Part II Web Security

Week/Day          Date        Topics to be covered
Week 9/Thu, Fri   Mar 18, 19  Web Security 1 - XSS and CSRF
Week 10/Thu, Fri  Mar 25, 26  Web Security 2 - Code injection and other attacks
                              [Easter Holiday]
Week 11/Thu, Fri  Apr 8, 9
Week 12/Thu, Fri  Apr 15, 16
Week 13/Thu, Fri  Apr 22, 23

Student and Teacher Expectations

Please refer to this document.