Overview

Web applications are simultaneously one of the most widely used and widely attacked forms of deployed code. At the same time, the concepts of computer security are best taught within a relatable context so that students can immediately apply their knowledge to relevant situations. The unique challenges inherent in building secure web applications made available to billions of potential users and attackers require understanding how to use and integrate concepts from software engineering, systems programming, and computer security. This course integrates the concepts that underlie designing, deploying, attacking, and defending web applications to provide students with a foundational understanding of how to design and deploy scalable and secure web applications.

This class will teach students the concepts and techniques that enable web applications to maintain high performance in the face of numerous users and attackers. Students will learn and be able to apply software engineering concepts to manage the complexity of client‐side and server‐side software. Students will learn and be able to apply computer systems concepts to manage the scalability of the web application, and provide performant service to large numbers of simultaneous users. Students will learn and be able to apply computer security concepts to designing a web application which is robust to known and unknown attacks. Students will gain familiarity and facility with modern tools which enable creating applications that apply the aforementioned design, performance, and security concepts. Students will learn and be able to apply fundamental security concepts so that they can evaluate the security of future application designs in the face of potential future attacks.

Prerequisites

While this course doesn’t require mastery of specific content from previous courses, it does require the ability to pick up new programming concepts quickly. Thus, CS 341 is a prerequisite: JavaScript incorporates rather esoteric concepts like closures, functional programming, and quite a bit of event-driven programming, and having seen these paradigms previously will be of great help. Learning new languages and new programming paradigms is a common task in the life of a software engineer; learning how to apply your underlying ability to decompose and systematize a task using a new language will implicitly be part of your learning experience in this class.

Course Announcements

Whenever possible, course information will be conveyed using this website. Course discussion will happen via Piazza. You are responsible for checking this website for the reading schedule and ensuring that you complete all assignments. You are responsible for knowing about all of the material distributed for this class, whether it is mentioned in the syllabus, posted on Blackboard, or announced during lecture.

Peer Instruction

This course will be taught using Peer Instruction, a teaching model which places stronger emphasis on classroom discussion and student interaction.

Evaluation

Grades are curved based on an aggregate course score. There are separate curves for graduate and undergraduate students. This means that the course score cut-offs for an A, B, C etc. are not defined ahead of time: these will be set after the end of the course.

The course grade weighting is:

Task                    % of total grade
Reading Quizzes         10
Class Participation     10
Homeworks               35
Midterms                15
Final                   30

READING QUIZZES

Reading quizzes will be given at the beginning of each class period using iClickers. Everyone will have their lowest three quiz scores dropped.

CLASS PARTICIPATION

Participation is an incredibly important facet of this course. The baseline Class Participation grade will be based on participating in classroom discussion questions and answering questions via iClicker. (iClicker questions are graded for participation, not correctness.) However, extra credit points may be added for substantial contributions, entirely at the instructor’s discretion. Exceptional participation includes early reports of errors in assignments, helpful discussion on Piazza, contribution of helpful code to the common good of the class (e.g. test cases and/or testing scripts), and thoughtful discussions during lecture.

While class participation is a very effective way to successfully learn the material from this class, it is not a hard requirement. If you wish to forgo attending class on a regular basis, your in-class quiz and participation score will be computed as the higher of your final exam score and your achieved in-class score.

Overcoming challenges enables growth

This is not a lecture-oriented class or one in which mimicking prefabricated examples will lead you to success. You will be expected to work actively to construct your own understanding of the topics at hand, with the readily available help of the professor and your classmates. Many of the concepts you learn and problems you work will be new to you and ask you to stretch your thinking. You will experience frustration and failure before you experience understanding. This is part of the normal learning process. Your viability as a professional in the modern workforce depends on your ability to embrace this learning process and make it work for you. You are supported on all sides by the professor and your classmates. But no student is exempt from the process and the hard work it entails.

Student Disabilities

If you have a disability that might impact your performance in this course or otherwise requires special accommodation, please contact me as soon as possible so that appropriate arrangements can be made. Support is available through the Disability Resource Center. You will need to contact them to get your disability documented before accommodations can be made.

ACADEMIC INTEGRITY

Consulting with your classmates on assignments is encouraged, except where noted. However, turn-ins are individual, and copying code from your classmates is considered plagiarism. For example, given the question “how did you do X?”, a great response would be “I used function Y, with W as the second argument. I tried Z first, but it didn’t work”. An inappropriate response would be “here is my code, look for yourself”. You should never look at someone else’s code, or show someone else your code. Either of these actions is considered academic dishonesty (cheating) and will be prosecuted as such.

To avoid suspicion of plagiarism, you must specify your sources together with all turned-in materials. List the classmates you discussed your homework with and the webpages from which you got inspiration. Plagiarism and cheating, such as copying the work of others or paying others to do your work, is obviously prohibited and will be reported. We will be running MOSS, an automated plagiarism detection tool, on all handins.

There are consequences to cheating on two levels - the consequences for your grade, and the consequences at the university level. Within the class, the first instance of cheating on a programming assignment or problem set will result in a 0 on the assignment. A second instance on a programming assignment, or a first instance on an exam, will result in failing the class. Egregious cheating on a programming assignment (including but not limited to purchasing a solution online) is also grounds for failing the class.

I report all suspected academic integrity violations to the dean of students. If it is your first time, the dean of students allows you to informally resolve the case - this means the student agrees that my description of what happened is accurate, and the only repercussion on an institutional level is that the incident is noted in your internal UIC files (i.e. the dean of students can see that this happened, but no professors or other people can, and it is not on your transcript). If this has happened before, in any of your classes, the result is a formal hearing, and the dean of students decides on the institutional consequences. After multiple instances of academic integrity violations, students may be suspended or expelled. In all cases, the student has the option to go through a formal hearing if they believe that they did not actually violate the academic integrity policy. If the dean of students agrees that they did not, then I revert their grade back to the original grade, and the matter is resolved.