Course Schedule

Each day’s reading corresponds to the content that will be covered on that day’s beginning of class quiz.


  • TTW: The Tangled Web
  • LWAD: Learning Web App Development
Week Day Description Readings Notes & non-quizzed readings
1 8/28 intro   Course overview, expectations, basics
1 8/30 Security Fundamentals TTW: Chapter 1
What is a Web Application?
LWAD: Chapter 2 (recommended if you have never touched HTML or if you need a refresher)
Brief History of HTTP
2 9/4 Labor Day, no class    
2 9/6 HTTPS: How to deliver the web to the user The HTTPS-Only Standard
certificate basics
Quiz will only cover the Introduction to HTTPS and Certificates sections of The HTTPS-Only Standard, but the entire site is good (feel free to skip the government specific recommendations).
3 9/11 More on HTTP & HTTPS, dynamic web intro LWAD: Ch. 4
TTW: Ch. 6
3 9/13 Building web applications with JS review previous day readings no beginning of class quiz
4 9/18 Client side security basics TTW: Ch. 4 and Ch. 9 Candybox extra credit due before class
4 9/20 Client side security: hands on review previous day readings Bring at least one laptop per three people: choose your own groups
5 9/25 Server side application basics LWAD: Ch. 6  
5 9/27 Server side: best practices, backing stores LWAD: Ch. 9  
6 10/2 Single page applications goals of a SPA
benefits of a SPA
6 10/4 Testing your code   Guest lecture by Peter Snyder
No quiz
7 10/9 More on SPA, REST APIs, and Security thereof   No quiz
7 10/11 Client side storage client side storage  
8 10/16 Server side storage LWAD: Ch. 7
NoSQL Injection in MongoDB
8 10/18 Deploying code: server side and client side   No quiz
9 10/23 Advanced browser APIs, browser extensions   No quiz
Guest lecture by Peter Snyder
9 10/25 Defending Web Applications TTW: Chapter 16  
10 10/30 Attacking and defending user privacy   No quiz
10 11/1 Midterm   Study guide posted to Piazza on or before 10/25
11 11/6 OAUTH and Single Sign On   No quiz
11 11/8 Usable web security   no quiz
12 11/13 App deployment   no quiz
12 11/15 Realtime apps and project feedback   guest lecture by Pete Snyder; no quiz