Course policies and syllabus


Building modern web applications requires integrating concepts from software engineering, systems programming, and computer security. In this course students use these concepts to design, deploy, scale, attack, and defend modern web applications.

Evaluation will include in class quizzes and discussion questions, a midterm, a final, and individual projects.

Learning Outcomes

This class will teach students the concepts and techniques that enable web applications to maintain high performance in the face of numerous users and attackers. Students will learn and be able to apply software engineering concepts to manage the complexity of client-side and server-side software. Students will learn and be able to apply computer systems concepts to manage the scalability of the web application, and provide performant service to large numbers of simultaneous users. Students will learn and be able to apply computer security concepts to designing a web application which is robust to known and unknown attacks. Students will gain familiarity and facility with modern tools which enable creating applications that apply the aforementioned design, performance, and security concepts.


While this course doesn’t require mastery of specific content from previous courses, it does require the ability to pick up new programming concepts quickly. Thus, CS 341 is a prerequisite, as JavaScript incorporates rather esoteric concepts like closures, functional programming, and quite a bit of event driven programming, and having seen these paradigms previously will be of great help. Learning new languages and new programming paradigms are common tasks in the life of a software engineer; learning how to apply your underlying ability to decompose and systematize a task using a new language will implicitly be part of your learning experience in this class.

Peer Instruction

This course will be taught using Peer Instruction, a teaching model which places stronger emphasis on classroom discussion and student interaction.


Grades are curved based on an aggregate course score. There are separate curves for graduate and undergraduate students. This means that the course score cut-offs for an A, B, C etc. are not defined ahead of time: these will be set after the end of the course.

The course grade weighting is:

Task % of total grade
Reading Quizzes 10
Class Participation 10*
Programming projects 35
Midterm 15
Final 30


Reading quizzes will be given at the beginning of each class period using iClickers. Everyone will have their lowest three quiz scores dropped. Chapters for reading quizzes will be posted on the course website.


Participation is an incredibly important facet of this course. The baseline Class Participation grade will be based off of participating in classroom discussion questions. Your class participation grade can grow to a maximum of 15 through exceptional participation. The expected score in this category is 10: additional points are a bonus reserved for substantial contributions, entirely at the instructor’s discretion. Exceptional participation includes early reports of errors in assignments, helpful discussion on Piazza, contribution of helpful code to the common good of the class (e.g. test cases and/or testing scripts) and thoughtful discussions during lecture.

Some class periods will require laptop use for in class activities. If a laptop is required, you will be informed before class, and if you need to borrow one from the department, please contact the instructor.


Homeworks will consist of approximately seven programming projects with duration between one and two weeks. Programming assignments will roughly be split between break it and build it style tasks, in line with the dual engineering and security focus of this course. Be sure to consult the online handout or the professor if you have any questions.


All assignments are published due date. You can submit a maximum of two assignments late (up to a week after their original due date) without penalty, but you must notify the instructor using the late homework notification form. If you are going to use one of your two late submissions, you must use this form before the assignment is originally due. It is your responsibility to keep track of how many late assignments you have submitted; if you attempt to use it a 3rd time or after the assignment deadline, you will not receive a warning, and the code you have turned in at the original due date is what will be graded.

Extra credit will not be awarded for early turnins. Zero credit will be given in any of the following cases:

  • No assignment submitted.
  • An assignment submitted after the due date, without submitting the form beforehand.
  • An assignment submitted after the due date, after you’ve used your two late submissions.
  • An assignment submitted more than one week after the original due date.


Consulting with your classmates on assignments is encouraged, except where noted. However, turn-ins are individual, and copying code from your classmates or other sources is considered plagiarism. For example, given the question “how did you do X?”, a great response would be “I used function Y, with W as the second argument. I tried Z first, but it doesn’t work.” An inappropriate response would be “here is my code, look for yourself.” You should never look at someone else’s code, or show someone else your code.

To avoid suspicion of plagiarism, you must specify your sources together with all turned-in materials. List classmates you discussed your homework with and webpages from which you consulted while working on your assignment. Plagiarism and cheating, as in copying the work of others, paying others to do your work, etc, is obviously prohibited, and will be reported. We will be running MOSS, an automated plagiarism detection tool, on all submissions.

There are consequences to cheating on two levels - the consequences for your grade, and the consequences at the university level. Within class, the first time cheating on a programming assignment or problem set will result in a 0 on the assignment and reduction of one letter grade for your final grade in the course. A second time on a programming assignment, or first time on an exam or final project will result in failing the class.

I also report all academic integrity violations to the dean of students. If it is your first time, the dean of students allows you to informally resolve the case - this means the student agrees that my description of what happened is accurate, and the only repercussions on an institutional level are that it is noted that this happened in your internal, UIC files (i.e. the dean of students can see that this happened, but no professors or other people can, and it is not in your transcript). If this has happened before, in any of your classes, this results in a formal hearing and the dean of students decides on the institutional consequences. After multiple instances of academic integrity violations, students may be suspended or expelled. For all cases, the student has the option to go through a formal hearing if they think that they did not actually violate the academic integrity policy. If the dean of students agrees that they did not, then I revert their grade back to the original grade, and the matter is resolved.

TOPICS COVERED (tentative)

  • Security Fundamentals
  • Creating web pages and running web servers
  • JavaScript: the language, and the in browser runtime
  • Client side attacks and defenses
  • Single Page Applications
  • Web application backends
  • Web application backing stores
  • Advanced side channel attacks
  • Web privacy
  • Human factors / Usable web security
  • Scaling and securing web applications
  • Advanced tooling and performance techniques