IERG4210 Web Programming and Security (Spring 2021)



Lecture Time:


Tutorial Time:

Course Description

Course Objectives

This course studies the programming and security of web applications. The programming languages for both client- and server-side will be introduced, with security design principles and common vulnerabilities highlighted early on. Open standards and real-world case studies will be used for illustrations. Optimization and performance issues will also be covered. This course also extends to the security threats confronting web browsers, transport layer protocols and web servers, as well as mobile and cloud computing if time permits. Each student will have the opportunity to practice by building and securing an e-commerce website, and finally assess the security of one another's website in a peer-hacking experiment.

Learning Outcomes

Online Course Material

Topics to be covered

Tentative teaching schedule:

Note: The schedule is subject to change.

Part I Web Programming

Week/Day Date Topics to be covered
Week 1/Thu, Fri Jan 14, 15 Course Overview, Basic Concepts [Printable Version]
Week 2/Thu, Fri Jan 21, 22 User Interface Design I (HTML and CSS) [Printable Version]
Week 3/Thu, Fri Jan 28, 29 User Interface Design II (JavaScript) [Printable Version]
Week 4/Thu, Fri Feb 4, 5 Form Handling I (Client-side Implementation) [PDF Version] (updated on Feb 7, or Just Press Ctrl+P (and Select "Landscape") to Print)

Feb 11, 12 [Lunar New Year Holiday]
Week 5/Thu, Fri Feb 18, 19 Form Handling II (Server-side Implementation) [Printable Version] (Non-executable sample snippet)
Week 6/Thu, Fri Feb 25, 26 Web Server and Database Server [Printable Version]
Week 7/Thu, Fri Mar 4, 5 Authentication and Authorization [Printable Version] (Mid-Term Scope up to and including the slide "Creating Authentication Token")
Week 8/Thu, Fri Mar 11, 12 Thur: Mid-Term Revision; Fri: Online Mid-Term

Part II Web Security

Week/Day Date Topics to be covered (Slides on Blackboard)
Week 9/Thu, Fri Mar 18, 19 Password Storage & Authentication
Web Security 1 - SOP
Week 10/Thu, Fri Mar 25, 26 Web Security 1- CSRF and XSS

[Easter Holiday]
Week 11/Thu, Fri Apr 8, 9 Web Security 2 - Code injection and other attacks
TLS and Web Browser Security
Week 12/Thu, Fri Apr 15, 16 TLS, Performance Optimization
Week 13/Thu, Fri Apr 22, 23 Search Engine Optimization
Penetration Testing, Wrapping up

Final Examination

Online examination on May 12, 2021 during 15:30 - 17:30. Please check Blackboard for details.

Student and Teacher Expectations

Please refer to this document.