<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="chrome=1">
<title>IERG4210 Web Programming and Security, CUHK (2014-15 Term 2)</title>
<link rel="stylesheet" href="stylesheets/styles.css">
<!--link rel="stylesheet" href="stylesheets/pygment_trac.css"-->
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<!--[if lt IE 9]>
<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body>
<div class="wrapper">
<header>
<h1>IERG4210, CUHK (2014-15 Term 2)</h1>
<ul>
<li><a href="index.html">Course Introduction</a></li>
<li><a href="schedule.html">Contents & Schedule</a></li>
<li><a href="https://www.facebook.com/groups/ierg4210.2015spring/">Facebook Discussion Group</a></li>
</ul>
<p><a href="//www.ie.cuhk.edu.hk/">Information Engineering</a><br/><a href="//www.cuhk.edu.hk/">Chinese University of Hong Kong</a></p>
<strong>Lectures</strong>
<p>
Every Tuesday 15:30-18:15<br/>
NAH 213 (since Jan 27)<br/>
Instructor: <a href="https://staff.ie.cuhk.edu.hk/~phfung/">Dr. Adonis Fung</a> [<a href="mailto:[email protected]">phfung@ie</a>]</p>
<strong>Tutorials</strong>
<p>
Sections:<br>
- Monday, 11:30 - 12:15, ERB 405<br/>
- Tuesday, 18:30 - 19:15, NAH 213<br/>
TAs: <br/>
- Wenrui Diao [<a href="mailto:[email protected]">dw013@ie</a>] <br/>
- Benedict Mak [<a href="mailto:[email protected]">mlt014@ie</a>] <br/>
- Shizhan Zhu [<a href="mailto:[email protected]">zs014@ie</a>] <br/>
</p>
</header>
<section>
<h2>
<a id="ierg4210-course-syllabus" class="anchor" href="#ierg4210-course-syllabus" aria-hidden="true"><span class="octicon octicon-link"></span></a>Course Contents & Tentative Schedule</h2>
<ol class="syllabus">
<li>
<strong>Jan 6 - Introductions</strong>
<div>
- Course Matters<br/>
- Overview of the Internet<br/>
- Security Principles
</div>
<div>[<a href="lectures/01-lecture-Overview.pdf"><b>Lecture Notes</b></a>, <a href="lectures/01-reading-Daswani07-01SecurityGoals.pdf">Reading: Security Goals</a>, <a href="lectures/01-reading-SoftwareSecurityPrinciples.pdf">Reading: Security Principles</a>]</div>
</li>
<li>
<strong>Jan 13 - User Interface Design</strong>
<div> - HTML, CSS, Templating</div>
<div>[<a href="lectures/02-lecture-UserInterfaceDesign.html"><b>Lecture Notes</b></a> (<a href="lectures/02-lecture-UserInterfaceDesign.pdf"><b>PDF</b></a>)]</div>
<div>[<a href="tutorials/tutorial01.pdf"><b>Tutorial 1</b></a>] [<a href="assign-spec/AssignmentMarkingChecklist1.0.pdf"><b>Assignment Marking Checklist for Phase 1 (v1.0)</b></a>]</div>
</li>
<li>
<strong>Jan 20 - User Interface Programming</strong>
<div> - JavaScript, DOM, and Events</div>
<div>[<a href="lectures/03-lecture-UserInterfaceProgramming.html"><b>Lecture Notes</b></a> (<a href="lectures/03-lecture-UserInterfaceProgramming.pdf"><b>PDF</b></a>), <a href="lectures/03-reading-Resig07-02ObjectOrientedJavascript.pdf">Reading: Object-Oriented JavaScript</a>, <a href="lectures/03-reading-Resig07-06Events.pdf">Reading: Events</a>]</div>
<div>[<a href="tutorials/tutorial02.pdf"><b>Tutorial 2</b></a>]</div>
</li>
<li>
<strong>Jan 27 - HTTP and Client-side Form Handling</strong>
<div>
- HTTP Introduction<br/>
- Form Controls, Validations (Controls, HTML5, JS), XHR/AJAX<br/>
- Form Submissions: HTML, Programmatic, and AJAX</div>
<div>[<a href="lectures/04-lecture-HTTPAndClientSideFormHandling.html"><b>Lecture Notes</b></a> (<a href="lectures/04-lecture-HTTPAndClientSideFormHandling.pdf"><b>PDF</b></a>), <a href="http://cs.brown.edu/courses/cs168/f12/handouts/async.pdf">Reading: Asynchronous Model (Section 1 & 2 only)</a>]</div>
<div>[<a href="tutorials/tutorial03_v2.pdf"><b>Tutorial 3</b></a>, <a href="tutorials/tutorial03_ref.pdf">Tutorial 3 Reference</a>] [<a href="assign-spec/AssignmentMarkingChecklist2.0.pdf"><b>Assignment Marking Checklist for Phase 2 (v2.0)</b></a>]</div>
</li>
<li>
<strong>Feb 3 - Server-side Form Handling (Using Node/PHP)</strong>
<div>
- Web Server and Application: Features, Performance, Scalability<br/>
- Validations, Sanitizations, Form Processing<br/>
- Data Transfer Formatting: HTML, JSON, XML</div>
<div>[<a href="lectures/05-lecture-ServerSideFormHandling.html"><b>Lecture Notes</b></a> (<a href="lectures/05-lecture-ServerSideFormHandling.pdf"><b>PDF</b></a>), <a href="05-ref-ServerSideFormHandlingPHP.pdf">Reading: Old Notes in PHP favor</a>]</div>
<div>[<a href="tutorials/tutorial04.pdf"><b>Tutorial 4</b></a>]</div>
</li>
<li>
<strong>Feb 10 - Fast and Scalable Web and Database Servers</strong>
<div>
- Fast and Scalable Web Server Platform<br/>
- Persistent Storage: DB with SQL language<br/>
- Temporary/Fast Storage: Memcached, NoSQL<br/>
- Concerns: Performance, Availability, Distributability, Tradeoffs
</div>
<div>[<a href="lectures/06-lecture-FastScalableWebAndDBServers.pdf"><b>Lecture Notes</b></a>]</div>
<div>[<a href="tutorials/tutorial05.pdf"><b>Tutorial 5</b></a>, <a href="assign-spec/AssignmentMarkingChecklist3.0.pdf"><b>Assignment Marking Checklist for Phase 3 (v3.0)</b></a>]</div>
</li>
<li>
<strong>Feb 17 - Authentication and Authorization</strong>
<div>
- Session Storage: Cookies, localStorage, Server-side Session<br/>
- Attacks and Defenses: Broken Authentication and Session Management,
Missing Function Level Access Control, etc
</div>
<div>[<a href="lectures/07-lecture-Auth.pdf"><b>Lecture Notes</b></a>]</div>
<div>[<a href="tutorials/tutorial06.pdf"><b>Tutorial 6</b></a>]</div>
</li>
<li>
<strong>Feb 24 - <span style="color:#F00">Lunar New Year Vacation</span></strong>
<div> - No Lectures</div>
</li>
<li>
<strong>Mar 3 - Web Application Security I</strong>
<div>
- Same Origin Policy (SOP)<br/>
- Attacks and Defenses: Cross-Site Request Forgeries (CSRF), CAPTCHA<br/>
- Attacks and Defenses: Cross-Site Scripting (XSS), Clickjacking<br/>
- Cross-origin Communication and Security (XHR2, JSONP, postMessage(), etc)<br/>
</div>
<div>[<a href="lectures/08-lecture-WebAppSecurityI.pdf"><b>Lecture Notes</b></a>, <a href="https://github.com/yahoo/xss-filters">Reading: Context-sensitive Output Escaping</a>, <a href="lectures/08-reading-Daswani07-10.5XSS.pdf">Reading: Daswani07 10.5 XSS</a>, <a href="https://easylogin1.lib.cuhk.edu.hk/login?url=http://library.books24x7.com/library.asp?%5EB&bookid=44458&chunkid=941734878">Reading: CSRF and Clickjacking</a>]</div>
<div>[<a href="tutorials/tutorial07.pdf"><b>Tutorial 7</b></a>, <a href="assign-spec/AssignmentMarkingChecklist4.0.pdf"><b>Assignment Marking Checklist for Phase 4 (v4.0)</b></a>]</div>
</li>
<li>
<strong>Mar 10 - Quiz</strong>
<div>[<a href="tutorials/tutorial08.pdf"><b>Tutorial 8</b></a>, <a href="assign-spec/AssignmentMarkingChecklist4.1.pdf"><b>Assignment Marking Checklist for Phase 4 (v4.1)</b></a>]</div>
</li>
<li>
<strong>Mar 17 - Web Application Security II</strong>
<div>
- Attacks and Defenses: Injections, Insecure Direct Object References,
Unvalidated Redirects and Forwards, etc</div>
<div>[<a href="lectures/09-lecture-WebAppSecurityII.pdf"><b>Lecture Notes</b></a>, <a href="https://easylogin1.lib.cuhk.edu.hk/login?url=http://library.books24x7.com/library.asp?%5EB&bookid=44458&chunkid=114208222">Reading: Stuttard12 - SQL Injection</a>, <a href="https://easylogin1.lib.cuhk.edu.hk/login?url=http://library.books24x7.com/assetviewer.aspx?bookid=44458&chunkid=500976007#ch13lev4sec7">Reading: Stuttard12 - HTTP Response Splitting</a>, <a href="https://easylogin1.lib.cuhk.edu.hk/login?url=http://library.books24x7.com/library.asp?%5EB&bookid=44458&chunkid=766334900">Reading: Stuttard12 - Path Traversal</a>]</div>
<div>[<a href="tutorials/tutorial09.pdf"><b>Tutorial 9</b></a>]</div>
</li>
<li>
<strong>Mar 24 - Transport Layer and Web Browser Security</strong>
<div>
- TLS/SSL, PKI, Certificates, Digital Signatures, SSH<br/>
- Attacks and Defenses: Man-in-the-middle, Side-channel, Wi-Fi, DNS, Phishing<br/>
- Browser Security: Cert Pinning, 2FA, XSS Audits, Content Security Policy, Extensions, etc
</div>
<div>[<a href="lectures/10-lecture-TransportLayerAndBrowserSecurity.pdf"><b>Lecture Notes</b></a>]</div>
<div>[<a href="assign-spec/AssignmentMarkingChecklist5.0.pdf"><b>Assignment Marking Checklist for Phase 5-7A (v5.0)</b></a>]</div>
</li>
<li>
<strong>Mar 31 - Optimizing Web Applications</strong>
<div>
- Settings and Code Tweaks, Search Engine Optimizations, Analytics
</div>
<div>[<a href="lectures/11-lecture-OptimizingWebApps.pdf"><b>Lecture Notes</b></a>, Reading: <a href="https://developers.google.com/web/fundamentals/performance">Optimizing Performance</a>, Reading: <a href="http://www.html5rocks.com/en/tutorials/es6/promises/">Using Promises</a>, Reading: <a href="http://moz.com/beginners-guide-to-seo">Search Engine Optimizations</a>]</div>
<div>[<a href="tutorials/tutorial10.pdf"><b>Tutorial 10</b></a>]</div>
</li>
<li>
<strong>Apr 7 - <span style="color:#F00">Easter Holiday</span></strong>
<div> - No Lectures</div>
</li>
<li>
<strong>Apr 14 - Scanning Web Applications for Vulnerabilities</strong>
<div>
- Automated Web Application Vulnerability Scanning<br/>
- Crawling: hyperlink extractions, event enumerations, etc<br/>
- Fuzzing: XSS, SQL, CSRF, etc<br/>
- Invited Talk: Penetration Testing, Security Tools<br/>
- Course Reviews
</div>
<div>[<a href="lectures/12-lecture-VulnerabilityScanning.pdf"><b>Lecture Notes</b></a>, <b><a href="lectures/12-invited-talk-Penetration-test-and-security-standards.pdf">Penetration Testing</a></b>]</div>
<div>[<a href="assign-spec/AssignmentMarkingChecklist6.0.pdf"><b>Assignment Marking Checklist (v6.0)</b></a>]</div>
</li>
</ol>
</section>
<footer>
<p><small>Hosted on GitHub Pages — Theme by <a href="https://github.com/orderedlist">orderedlist</a></small></p>
</footer>
</div>
<script src="javascripts/scale.fix.js"></script>
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-23136362-2");
pageTracker._trackPageview();
} catch(err) {}
</script>
</body>
</html>