Anything on the schedule more than 24 hours in advance is subject to change.
The class wiki is particularly useful for additional useful documents, some chosen by fellow students: link.
| Week | Day | Description | Quiz Readings | Additional readings |
|---|---|---|---|---|
| 1 | 1/14 | intro | so you want to be a wizard | |
| 1 | 1/16 | Security and HTTP Basics | what is web app security? | brief history of http xss sqli |
| 2 | 1/21 | Basics wrap-up and TLS | TLS (read through SNI section) | tls handshake tls basics |
| 2 | 1/23 | HTTP & Cookies in depth | HTTP Cookies | Safari ITP more on http headers |
| 3 | 1/28 | JavaScript, Sessions | event loop | JavaScript beginners: re-introduction event loops in node JavaScript veterans: closures inheritance |
| 3 | 1/30 | Sessions, Exploits | cors, xss, and csrf | |
| 4 | 2/4 | Web Frameworks, Homework 2 | web frameworks through the section “How to select a web framework” express middleware |
a simple explanation of express middleware |
| 4 | 2/6 | XSS in detail, CI pipelines | xss, play the xss game | What is Continuous Integration |
| 5 | 2/11 | Backend storage and SQLi | missed quiz on previous day’s readings | |
| 5 | 2/13 | AJAX/Fetch | ajax, fetch | inter-service auth |
| 6 | 2/18 | Final project intro | 12 factor web app, OWASP top 10 | for OWASP, read 10 numbered click-thru links |
| 6 | 2/20 | More on deployment | No quiz | |
| 7 | 2/25 | HTTP 1.1 performance | making http fast | |
| 7 | 2/27 | More making the web fast | reverse proxy, flame graphs | The youtube videos and presentations linked on the flame graph page are also helpful - read whatever helps you understand the content. |
| 8 | 3/3 | Resource Exhaustion Attacks | DoS cheatsheet, SlowLoris, ReDoS | |
| 8 | 3/5 | Midterm | Covers everything through 3/3 | |
| 9 | 3/10 | API protocols: REST etc.; CSP | GitHub REST API exercise What is REST? | Complete the “create a repository” GitHub REST API exercise before class |
| 9 | 3/12 | Front end / Full Stack application architecture; CSP | React step by step guide CSP | If you are interested in React I highly recommend completing the React tutorial |
| 10 | 3/17 | Coronavirus week: informal fun lectures | no readings no quizzes | |
| 11 | 3/31 | Containers & orchestration | IBM vids: 1 2 3 kubernetes | Homework: have a kind installation ready to use during class for exercises. Finish the quickstart up through deleting a cluster to confirm. Ask on Piazza for help setting up. |
| 11 | 4/2 | Application instrumentation | telemetry, canary releasing | optional: canary deployments with k8s |
| 12 | 4/7 | OAuth & JWT | oauth, jwt | helpful vids: 1 2 3 |
| 12 | 4/9 | No class | ||
| 13 | 4/14 | APIs | what’s an api, api management | |
| 13 | 4/16 | Integration | Familiarize yourself with these products: Airtable, Twilio, Pipedream | The quiz will assume you understand how Airtable works, so making an account and playing with a demo base is a good idea (that’s my referral link you totally don’t have to use it, you could even use each other’s if you want). |
| 14 | 4/21 | Google Safe Browsing & Certificate Transparency | GSB 1, 2; CT | Bonus reading: GSB CT |
| 14 | 4/23 | Continued Tuesday + RAPPOR | RAPPOR | video, paper |
| 15 | 4/28 | Privacy: fingerprinting, tracking, TOR | No quiz | |
| 15 | 4/30 | Usable security | No quiz |