CIS 320 Advanced Web Development and Security¶
Course Details¶
Course title:
CIS 320 Advanced Web Development and Security
Catalog course description:
This class covers server and client side programming and security. Students learn to create, read, update, and delete records in a database through a website. Students learn how manage security with data validation and encoding, session management, encryption, hashing, and understanding common security vulnerabilities. Students will learn to fine, use, and integrate common code libraries and applications into their website. Prerequisites: CIS 120, CMSC 150, and CIS 255. WRITCOMM. Four credits. Offered every spring of odd numbered years.
Course level student learning objectives (SLOs):
- Learn to create web applications that can create, read, update, and delete records from a database.
- Learn to validate information both on the server side and on the client side.
- Learn how to protect against common security vulnerabilities.
- Learn both encryption and hashing.
- Learn to authenticate and authorize users and manage session information.
- Learn to manage a server stack.
- Learn to write tutorials, and to create a security plan.
Textbook is on-line: http://web-development-class.readthedocs.io
Instructor¶
- Instructor Name: Paul Vincent Craven
- Office hours are by appointment.
- In person. My office is in the Carver Science building, second floor. Room 333:
- Over Zoom
- In McNeill 110 (Make sure lab is open)
- Instructor Contact Information:
- E-mail: paul.craven@simpson.edu <- Best way to contact me.
- When sending e-mail questions, please include your code (attach it or link to GitHub), and the error you are getting. If you don’t want to do this, please make an appointment instead.
- Office: Carver 333 (Second floor, Carver Science Building) Feel free to drop in.
- Phone: 515-961-1834 <- I rarely answer this.
- E-mail: paul.craven@simpson.edu <- Best way to contact me.
Schedule¶
Class meets Tuesday/Thursday from 8:00 am until 9:30 am.
Academic Calendar¶
| Spring Semester 2021 | Date |
|---|---|
| Classes Begin | Jan-19 |
| Last Day to Add/Drop | Jan-25 |
| No Class | Feb 26 |
| Mid-Term Date | Mar-08 |
| Mid-Term Grades Due | Feb-10 |
| Last Day to Withdraw | Mar-26 |
| Easter Recess | Apr-05 |
| Honors Convocation Ceremony | Apr-21 |
| Research Symposium (No Class) | Apr-22 |
| Last Day of Class | Apr-26 |
| College Reading Day | Apr-29 |
| Spring Final Exam Week | Apr 27-29 |
| Commencement | May-01 |
| All Spring Grades Due | May-04 |
Class Calendar¶
I plan on keeping to the due dates on the assignments. The exact topics of what we cover in class will be adjusted as needed.
| Date | Class | Topic | Assignment due | Points |
|---|---|---|---|---|
| Tue, Jan 19 | 1 | Syllabus, CRUD overview, stack overview | ||
| Thu, Jan 21 | 2 | Local & production environment setups. Show IntelliJ and Tomcat working. Demo how to do Lab 1. | ||
| Tue, Jan 26 | 3 | Go through JavaScript chapter | Assignment 1 - Full Stack Deployment | 100 |
| Thu, Jan 28 | 4 | Go through jQuery chapter. Go through regular expression tutorial. | ||
| Tue, Feb 02 | 5 | Talk about class paper, paper topic choices, annotated bibliography | ||
| Thu, Feb 04 | 6 | Talk about JSON Work with setting up Amazon RDS | Assignment 2 - First JavaScript Assignment | 100 |
| Tue, Feb 09 | 7 | Manage DB connections in Java. Work on lab 3. | ||
| Thu, Feb 11 | 8 | Lab 3 | Research paper, annotated bibliography | 100 |
| Tue, Feb 16 | 9 | Making JSON calls over AJAX, work on Lab 4 | Assignment 3 - List Records | 100 |
| Thu, Feb 18 | 10 | How to encode characters for the web, Work on Lab 4 | ||
| Tue, Feb 23 | 11 | Research paper, outline | 100 | |
| Thu, Feb 25 | 12 | Modern build process, work on Lab 5 form validation | Assignment 4 - List Records - Final | 100 |
| Tue, Mar 02 | 13 | Talk about check-boxes and file uploads. | ||
| Thu, Mar 04 | 14 | How to delete n-1 rows of a table in Javascript | Research paper, rst setup | 100 |
| Tue, Mar 09 | 15 | Talk about getting data from a form in code | Assignment 5 - Validate a Form | 100 |
| Thu, Mar 11 | 16 | |||
| Tue, Mar 16 | 17 | Research paper, first page | 100 | |
| Thu, Mar 18 | 18 | How to do back-end validation. Work on Assignment 7 | Assignment 6 - Insert a Record | 100 |
| Tue, Mar 23 | 19 | Work on Assignment 7 | ||
| Thu, Mar 25 | 20 | Talk about passwords and password rules. Work on assignment 8 | ||
| Tue, Mar 30 | 21 | Assignment 7 - Back-End Validate / Delete a Record | 100 | |
| Thu, Apr 01 | 22 | Work on assignment 8 | ||
| Tue, Apr 06 | 23 | Cookies and sessions | Research paper, draft | 100 |
| Thu, Apr 08 | 24 | Local storage, work on login lab | Assignment 8 - Edit a Record | 100 |
| Tue, Apr 13 | 25 | Work on login lab | ||
| Thu, Apr 15 | 26 | |||
| Tue, Apr 20 | 27 | Talk about encoding, citations, final paper | ||
| Thu, Apr 22 | No class | Symposium day | Research paper, final | 100 |
| Tue, Apr 27 | No class | Final exam week | ||
| Thu, Apr 29 | No class | Final exam week | Assignment 9 - Login Lab | 100 |
| Total points | 1000 | |||
| A | 93% | 930 | ||
| A- | 90% | 900 | ||
| B+ | 87% | 870 | ||
| B | 83% | 830 | ||
| B- | 80% | 800 | ||
| C+ | 77% | 770 | ||
| C | 73% | 730 | ||
| C- | 70% | 700 | ||
| D+ | 67% | 670 | ||
| D | 63% | 630 | ||
| D- | 60% | 600 |
Student Assessment¶
Assignment Submission¶
- Assignments must be submitted on-line via Simpson’s Scholar website.
- Assignments are not accepted via e-mail.
- Source code will be checked into GitHub.
- This will require a free account on GitHub.
- A live web server must be maintained using Amazon Web Services.
- This will require an AWS account linked to a credit card. AWS offers one year of very basic level service free. If you are past that year there will be a nominal charge.
- Make sure you shut down your servers at the end of class so you don’t keep getting charged.
- See the instructor if you are not able set up your own server.
Grading¶
Grades will be calculated on a percent scale. The percentage is calculated by total points earned, divided by total points possible. If there is an attendance penalty, then that is subtracted next.
Danger
Simpson’s Scholar/Moodle site shows can show the wrong grade, for the two reasons below.
- Scholar will not show any attendance penalty. You can look up your attendance on Scholar.
- If there is a missing grade that hasn’t been set at zero, then Scholar will not show that in the average. For example, if there are 10 assignments, each worth 100 points, but one is missing, Scholar will show your average as 100 instead of 90. I do try to go back and enter zero on missing assignments so Scholar shows the correct grade, but sometimes that isn’t practical.
If you want to calculate your grade, total up your points, divide by the total possible. Then take into account any attendance policy penalty. See the attendance policy.
Appealing an assignment grade: Please do this within a week or two of the grade being posted. Please regularly check for missing assignment grades. After final grades are posted, I’ll only re-examine assignments turned in during finals. I’m not going back to look at early assignments. Turning in tech assignments can be more complex than turning in a paper, so it is critical to notice right away if you are missing a piece.
Appealing your final grade: If you believe your final grade is in error, please go through the effort of calculating the grade yourself. Total up points earned and the total points possible. Calculate the percentage. Check your attendance. Include that information when contacting the instructor.
Grading Scale¶
Grades are not rounded. For example, 92.99% is considered an A-, and 93.00% is an A.
| Percent | Grade |
|---|---|
| 100-93% | A |
| 92-90% | A- |
| 89-87% | B+ |
| 86-83% | B |
| 82-80% | B- |
| 79-77% | C+ |
| 76-73% | C |
| 72-70% | C- |
| 69-67% | D+ |
| 66-63% | D |
| 62-60% | D- |
| 59-0% | F |
Late-Work/Make-up Work Policy¶
- All work should be turned in on-time.
- Late work will be assigned a penalty:
- 1-3 calendar days: 5%
- 4-7 calendar days: 10%
- 8-10 calendar days: 15%
- 11-14 calendar days: 20%
- 14+ calendar days, not accepted
- All work must be in by midnight, April 29th. No extensions beyond this date/time are given unless you have a form filled out and signed for an “incomplete.”
- Extra-credit / make up work is not offered.
- If you need to use the lab for doing work, make sure to understand when the lab is open. The McNeill lab is usually closed on Sunday nights, and assignments are due Monday morning. Not knowing when the lab is open is not accepted as an excuse.
Attendance/Participation Policy¶
A student may miss three classes unexcused without penalty. After three unexcused absences, a student’s final grade will be lowered 3% for each class missed, not including the original three. So missing five classes will be a 6% penalty on the final grade.
Excused absences are those approved by the Academic Dean, or by prior permission of the instructor. Absences for sporting event functions are normally run through Dean’s office. E-mail me that you will be gone so that I can check you off as excused.
Danger
To be counted as attending class, the student must be present when the instructor takes attendance. Showing up to class 10 minutes late does not count towards attendance. Therefore continually showing up to class late can really hurt a student’s grade. If a student leaving class early with prior permission will be counted as absent.
COVID-19: Absences due to Covid-19 are excused, but you need to let me know, along with health services.
Course Assessment¶
Engaged Citizenship Grids¶
Written Communication (WC)¶
Written communication is the ability to communicate successfully via handwritten, printed, or electronic text.
Writing is an essential skill that students need in order to comprehend, analyze, and synthesize a variety of texts in a variety of disciplines. In college, students will learn to write in multiple contexts: in the Simpson Colloquiums, in general education courses, in courses for their majors, and in elective courses. Effective writing is also a skill they will find indispensable in their professional lives beyond the undergraduate academic setting.
Engaged citizens rely on strong writing skills, whether they are exploring and developing their own ideas, responding fairly and responsibly to the ideas and perspectives of others, or crafting the polished, compelling and persuasive expression so often necessary to shaping and creating a diverse and just community.
A student who completes a WC course will be able to…
| Student Learning Objective (SLO) | Class activities directly relating to this SLO | Student work to be evaluated for this SLO | |
| WC SLO1. | articulate an idea and formulate a thesis as appropriate to the discipline | Lecture, quizzes, labs | Tutorial on how and why to use a new web technology |
| WC SLO2. | identify and correct errors in grammar and/or style in written communication | Lecture, quizzes, labs | Students review each other’s tutorial draft and turn in a marked-up copy |
| WC SLO3. | provide credible evidence to support claims and arguments in written communication | Lecture, quizzes, labs | Tutorial on how and why to use a new web technology |
| WC SLO4. | organize thoughts in a logical fashion in written communication | Lecture, quizzes, labs | Tutorial on how and why to use a new web technology |
Student Learning Outcomes for the Major¶
CIS Major SLO #1: Apply and manage computer systems to meet business objectives.
CIS Major SLO #2: Create and manage computer systems utilizing a variety of information technologies.
CIS Major SLO #3: Design, implement, and modify normalized database systems. Graduates will also know how to maintain and manage database systems.
Contact Hours and Learning Time¶
CIS 320 meets two times per week. Class covers 14 weeks, with one week of break, and one day off for Honor Symposium giving us a total of 25 classes. At 90 minutes per class, that’s 37.5 hours of meeting time.
There are a total of 13 assignments. Each assignment should take approximately three hours of research and five hours of work. This will add up to about 104 hours of work.
Total time spent on the class should be about 141 hours.
Policies and Procedures¶
Course Continuity Plan¶
Should the normal instructional activity on the campus be shortened or interrupted by a campus-wide closing, students will receive information from the instructor or other representative of the college about when and if the course might be continued or completed via Internet, telephone, or United States mail.
Academic Integrity¶
Simpson’s Statement: In all endeavors, Simpson College expects its students to adhere to the strictest standards of honesty and integrity. In keeping with the College’s mission to develop the student’s critical intellectual skills, while fostering personal integrity and moral responsibility, each student is expected to abide by the Simpson College rules for academic integrity. Academic dishonesty includes (but is not limited to) any form of cheating, plagiarism, unauthorized collaboration, misreporting any absence as college-sponsored or college-sanctioned, submitting a paper written in whole or in part by someone else, or submitting a paper that was previously submitted in whole or in substantial part for another class without prior permission. If the student has any questions about whether any action would constitute academic dishonesty, it is imperative that he or she consult the instructor before taking the action. All cases of substantiated academic dishonesty must be reported to the student’s academic advisor and the Dean for Academic Affairs. For further guidance on these rules and their sanctions, please see the college catalog.
My addition: Students are strongly encouraged to work with one another on homework; however, blatant copying of assignments will be considered cheating.
If I get two assignments that are the same thing, both people will get zeros. Guard your homework carefully, so it is not used as a source for cheating. Don’t e-mail it to a friend so they can ‘use it to learn’ or ‘as a template’. Don’t allow someone to simply read off what you have on your computer screen. By allowing someone to cheat, that will allow the person to get behind in what they understand, and they will never catch up.
A student caught cheating will either get a zero for the assignment, have his/her over-all letter grade reduced, or be flunked from the course. Cheating students may be required to do extra work.
The instructor keeps a database of prior assignments and assignments commonly found on the Internet. The instructor will periodically run scans to look for duplicate assignments. We catch students cheating every. single. year. Don’t do it.
Regardless, cheating is like paying for a gym membership, and then sending someone else to work out for you. It doesn’t make sense. You aren’t going to get stronger that way.
Accommodations for Students with Accessibility Needs¶
I want everyone in this class to be successful. If you have a physical, sensory, learning, or psychological disability that can interfere with your learning, I want you to receive the accommodations to which you are entitled by law. In order for me to do provide accommodations to a student, the student’s disability must be documented with the Student Accessibility Office. I cannot assist a student with accommodations that I don’t know are needed, so if you need something, please make sure that you either contact me or that you ask Simpson’s Student Accessibility Coordinator, to do so on your behalf. If you have any further questions on the policies and services for students with disabilities, please refer to the academic catalog or go to http://simpson.edu/academics/student-accessibility/
Inclusive Explanation Statement¶
In this course, each voice in the classroom has something of value to contribute. Please take care to respect the different experiences, beliefs, and values expressed by students and staff involved in this course. We support Simpson’s commitment to diversity, and welcome individuals of all ages, backgrounds, citizenships, disabilities, sex, education, ethnicities, family statuses, genders, gender identities, geographical locations, languages, military experience, political views, races, religions, sexual orientations, socioeconomic statuses, and work experiences.
Sexual and Relationship Misconduct¶
Simpson College strives to create an environment free from sexual or relationship misconduct of any kind; and in which those who have experienced sexual misconduct get the help and support they need. Simpson’s Sexual and Relationship Misconduct Policy outlines expectations the college has students and employees, including faculty. In order to do all that we can to maintain a safe campus community, and in compliance with Federal law, all employees of the college are expected to report knowledge of alleged sexual misconduct to the Title IX Coordinator. Therefore, if you reveal to me, in conversation, writing, class discussion, or in any other manner, that you have experienced sexual misconduct it is my obligation to share that information with the Title IX Coordinator on our campus. Please know that if this is a step that needs to be taken, I will do my best to involve you in that process so that you know what to expect as a result of the communication with the Title IX Coordinator. To learn more about the expectations the college has of you with respect to sexual misconduct, you can find the full policy here:
http://simpson.edu/sexual-and-relationship-misconduct-policy/