Web Applications

Course Description

Although the World-Wide Web was initially conceived as a vehicle for delivering documents, it is now being used as a platform for sophisticated interactive applications, displacing the traditional mechanism of installable binaries. Web-based applications offer numerous advantages, such as instant access, automatic upgrades, and opportunities for collaboration on a massive scale. However, creating Web applications requires different approaches than traditional applications and involves the integration of numerous technologies. This class will introduce you to the Web technologies and give you experience creating Web applications. In the process you will learn about markup languages, scripting languages, network protocols, interactive graphics, event-driven programming, and databases, and see how they all work together to deliver exciting applications.

I. INTRODUCTION

• Why Web?
• The Next 10 Years
• Class Content
• HTML and Markup Languages
• XHTML

II. HTML and CSS

• XML, HTML, and XHTML
• CSS, Part 1
• CSS, Part 2
• CSS, Part 3
• CSS, Part 4

III. URLs and Links

• URL Encoding
• Issues with URLs
• No Referential Integrity

IV. The Ruby Language

• Overview
• Data Types
• Variables and Statements
• Methods
• Blocks, Iterators, and Class
• Review of Basics
• Other Things to Know
• Metaprogramming
• History of Dynamic Content

V. Rails Introduction

• Advantages
• Introducing Model View Controller
• Views and Templates, Part 1
• Views and Templates, Part 2
• Controllers, Part 1
• Controllers, Part 2
• Controllers, Part 3

VI. Introduction to SQL

• Relational Databases, Part 1
• Relational Databases, Part 2
• Joins
• Other Issues About Databases

VII. Active Record

• Basics of ORM
• Examples
• Relationships Between Tables
• Migration

VIII. HTTP and HTTPS

• HTTP Request-Response Protocol
• Redirection and HTTPS

IX. Cookies and Sessions

• Cookies
• Sessions

X. Forms

• Basics
• Page Flow
• Validation and Error Handling
• Rails Forms, Part 1
• Rails Forms, Part 2
• File Uploads with Rails

XI. Javascript

• Basics
• Functions
• Class System, Part 1
• Class System, Part 2
• Class System, Part 3
• Tying It All Together

XII. The Document Object Model (DOM)

• Basics
• Node
• Operations on Elements
• Coordinates and Positioning

XIII. Events

• Basics
• Access to Event Object
• Problems
• Delivering Events
• Timers and Other Issues

IX. AJAX

• Basic Mechanism
• Higher-Level Example
• Other Approaches

X. Security: Network Attacks

• Summary of Problems
• Encryption
• Certificate Authority and SSL/TLS
• SSL Stripping
• Mixed Content
• "Just in Time" HTTPS
• Bad Certificate

XI. Security: Session Attacks

• Choosing Session IDs
• Cross Site Request Forgery, Part 1
• Cross Site Request Forgery, Part 2
• Data Tampering

XII. Security: Isolation

• Cross-Site Scripting (XSS)
• Relaxations, Part 1
• Relaxations, Part 2
• Language-Based Isolation
• Navigation and Cookies

XIII. Security: Code Injection

• Escape Queries
• Stored XSS
• Reflected XSS

XIV. Security: Phishing Attacks

• Basic Idea
• Legitimate v. Illegitimate
• Certificates
• Other Anti-Phishing Measures

XV. Large-Scale Applications

• Load Balancing
• Sessions and Storage
• RAMCloud
• Scaling and Cloud Computing

XVI. Datacenters

• History
• Structure
• Issues, Part 1
• Issues, Part 2

XVII. Deploying Web Applications

• Part 1
• Part 2
• Part 3
• Part 4

XVIII. Course Wrap-Up

• Web Plumbing, Relational Databases, and Languages
• Rails, Security, and Large-Scale Apps
• Themes
• Future of the Web

Teacher: John Ousterhout