University of Texas at El Paso
Banner
Compuer Science
   
CS 4339 Secure Web-Based Systems Minimize    

CS 4339- Secure Web-Based Systems
Fall 2016 Course Syllabus

Course Description: A survey of web-based technologies and applications. Topics include: ebusiness models, security and privacy issues, the provisioning, development, and deployment of web sites including dynamic web content generation and the management of database back ends, relevant copyright law.

Textbook: "Learning PHP, MySQL & JavaScript", Robin Nixon, 4th Edition, O'Reilly Media Inc, 2014. (The 3rd Edition is also acceptable.)

Exams and Grades: There will be two tests, a final exam, quizzes, individual assignments and a team project.

Test 1 17%
Test 2 17%
Final Exam 26%
Quizzes, Assignments and Project 40%

Standards of Conduct: Students are expected to conduct themselves in a professional and courteous manner, as prescribed by the Standards of Conduct. Students may discuss work assignments and programming exercises in a general way with other students, but the solutions must be done independently. Similarly, groups may discuss group project assignments with other groups, but the solutions must be done by the group itself. Graded work should be unmistakably your own. You may not transcribe or copy a solution taken from another person, book, or other source, e.g., a web page. Professors are required to -- and will -- report academic dishonesty and any other violation of the Standards of Conduct to the Dean of Students.

Disabilities: If you have a disability and need classroom accommodations, please contact The Center for Accommodations and Support Services (CASS) at 747-5148, or by email to cass@utep.edu, or visit their office located in UTEP Union East, Room 106. For additional information, please visit the CASS website at www.sa.utep.edu/cass.

Faculty Information: Professor: Luc Longpré Office: 3.0420 CCS building Phone: 747-6804 e-mail: longpre @ utep . edu Office Hours: Tuesday, Thursday, 3:00-4:00pm.

Topics:

  • History of internet, static vs dynamic web content, overview of HTTP, HTML, client side vs server side programming, MySQL, CSS. Basic HTML syntax for simple web pages. Web site design process.
  • PHP: variables, operators, functions, scope, flow control, objects, arrays, I/O.
  • MySQL: basics, database review, commands, indexes, functions, database design, accessing MySQL from PHP, passwords management.
  • HTML Form Handling. Input checking, SQL injection attacks.
  • Cookies, sessions, authentication. Security concerns (cookie stealing, session highjacking). Review of cryptographic tools.
  • JavaScript: variables, operators, functions, flow control, document object model. Cross-site scripting attacks.
  • Validation and error handling. Importance for security.
  • Ajax.
  • CSS.
  • Ethical, legal and copyright issues. Electronic commerce transactions. Contract, business models, digital signatures, cryptographic tools, https, non-repudiation, evidence collection and preservation, privacy issues.

Course outcomes:

Knowledge and Comprehension

  1. Contract law.
  2. Copyright law.
  3. Describe the common vulnerabilities in web sites.
  4. Ethical issues in web-based systems.
  5. Describe different business models.

Application and Analysis

  1. HTML.
  2. Server side programs.
  3. Client side programs.
  4. AJAX.
  5. CSS

Synthesis and Evaluation

  1. Assess common vulnerabilities in a web site and implement countermeasures.
  2. Create a secure website that includes database access, client side and server side programming.
  3. Create a web site that includes Cascading Style Sheets and some advanced HTML constructs.
  4. Create a secure password based authentication on a web site.