Course Schedule
Each day’s reading corresponds to the content that will be covered on that day’s beginning-of-class quiz.
Abbreviations:
- TTW: The Tangled Web
- LWAD: Learning Web App Development
Week | Day | Description | Readings | Notes & non-quizzed readings |
---|---|---|---|---|
1 | 8/28 | intro | Course overview, expectations, basics | |
1 | 8/30 | Security Fundamentals | TTW: Chapter 1; What is a Web Application? | LWAD: Chapter 2 (recommended if you have never touched HTML or if you need a refresher); Brief History of HTTP |
2 | 9/4 | Labor Day, no class | | |
2 | 9/6 | HTTPS: How to deliver the web to the user | The HTTPS-Only Standard; certificate basics | Quiz will only cover the Introduction to HTTPS and Certificates sections of The HTTPS-Only Standard, but the entire site is good (feel free to skip the government specific recommendations). |
3 | 9/11 | More on HTTP & HTTPS, dynamic web intro | LWAD: Ch. 4; TTW: Ch. 6 | |
3 | 9/13 | Building web applications with JS | review previous day readings | no beginning of class quiz |
4 | 9/18 | Client side security basics | TTW: Ch. 4 and Ch. 9 | Candybox extra credit due before class |
4 | 9/20 | Client side security: hands on | review previous day readings | Bring at least one laptop per three people: choose your own groups |
5 | 9/25 | Server side application basics | LWAD: Ch. 6 | |
5 | 9/27 | Server side: best practices, backing stores | LWAD: Ch. 9 | |
6 | 10/2 | Single page applications | goals of a SPA; benefits of a SPA | |
6 | 10/4 | Testing your code | Guest lecture by Peter Snyder; No quiz | |
7 | 10/9 | More on SPA, REST APIs, and Security thereof | No quiz | |
7 | 10/11 | Client side storage | client side storage | |
8 | 10/16 | Server side storage | LWAD: Ch. 7; NoSQL Injection in MongoDB | |
8 | 10/18 | Deploying code: server side and client side | No quiz | |
9 | 10/23 | Advanced browser APIs, browser extensions | No quiz; Guest lecture by Peter Snyder | |
9 | 10/25 | Defending Web Applications | TTW: Chapter 16 | |
10 | 10/30 | Attacking and defending user privacy | No quiz | |
10 | 11/1 | Midterm | Study guide posted to Piazza on or before 10/25 | |
11 | 11/6 | OAUTH and Single Sign On | No quiz | |
11 | 11/8 | Usable web security | no quiz | |
12 | 11/13 | App deployment | no quiz | |
12 | 11/15 | Realtime apps and project feedback | guest lecture by Pete Snyder; no quiz | |