This course studies the programming and security of web applications. The programming languages for both client- and server-side will be introduced, with security design principles and common vulnerabilities highlighted early on. Open standards and real-world case studies will be used for illustrations. Performance and optimization issues will also be covered. This course also extends to the security threats confronting web browsers, transport layer protocols and web servers. Each student will have the opportunity to practice by building and securing web applications, and finally breaking one another's website with a peer-hacking experiment.
The assignment is to provide students with chances to code and practice what were learned from the course. Students are required to design and build an e-commerce shopping website, which deserves more security protections than average websites like blogs. The assignment is split into 7 phases (roughly biweekly). Each student is required to build and secure their own website, which comprises a front-end that accepts online purchases through Paypal, and an admin panel that manages the product listings. The website is then securely configured and hosted live on the Amazon AWS Cloud Server. Most excitingly, the last phase will allow students to challenge the security measures implemented on each others' website.
Our deepest gratitude goes to Amazon AWS and GitHub. Their generous education grant and donations (US$8000 from AWS, plus 5 x US$200/month from GitHub) have essentially enabled our students to get first-hand experience on cutting-edge technologies.