SY306 - Web and Databases for Cyber Operations
Coordinator: Assoc. Prof. Adina Crainiceanu, MI362, x3-6822, firstname.lastname@example.org
Course Policy, Spring AY17
Course Description: The course covers basic web-based application development with a database back-end, with a focus on security. Topics include client side and server side web applications development, the SQL language for relational databases, web authentication, secure web protocols, attack and defense of web-based applications with a database back-end.
Prerequisites: SY301 - Data Structures for Cyber Operations
Learning Objectives: Upon completing this course, students should be able to
1. Develop static and interactive client-side web applications.
2. Query relational databases to satisfy user requirements.
3. Develop database-backed web applications, for a given database. (Supports student outcome b)
4. Implement data access control mechanisms for database security.
5. Implement application-level security measures to prevent unauthorized access to data. (Supports student outcome b)
6. Understand the principles of common web-based attacks such as cross-site scripting, cross-site request forgery, SQL injections.
Student Outcomes: This course contributes to the following student outcomes:
(b) An ability to analyze a problem, and identify and define the computing requirements appropriate to its solution; (supported by learning objectives 3 and 5)
Textbook(s): No textbook required.
Extra Instruction: Extra Instruction (EI) is available and strongly encouraged when your own attempts to understand the subject matter are unsuccessful. EI is not a substitute lecture; students should come prepared with specific questions or areas to be discussed (i.e. have read the assigned readings). If you have missed class, get the notes from a classmate or watch the Tegrity recording of the class.
EI is normally available during weekdays by appointment; see the course web page (URL above) for hours of non-availability (research day). Students may also show up at the instructor's office without an appointment; however, no expectation of instructor availability should be assumed. Email questions are also encouraged, though in some cases the reply will request in-person EI as the most effective solution.
Collaboration: You may collaborate on laboratory assignments to the following extent: collaborative conversations with regard to syntax, strategies and methods for accomplishing the goal of the labs are encouraged; however, design and implementation must be the work of the individual student handing in the final product. Sharing or copying of code is never permitted. In addition, you must identify all those that you collaborate with (give or receive help) on your assignment cover sheet. Consult your instructor if you need further clarification.
For team projects, the only collaboration allowed is among members of the same team. A midshipman may give no assistance whatsoever to any person not on their assigned team and may receive no assistance whatsoever from anyone outside the team, except from the instructor.
Exams will be open notes / closed book. Expect frequent quizzes on assigned reading. Quizzes may be open or closed book/notes, as announced. All work on exams and quizzes must be your own, with no collaboration allowed, in accordance with USNAINST 1610.3H, USNAINST 1531.53, and COMPSCIDEPTINST1531.1C. These references can be found at http://www.usna.edu/CS/Resources/honor.php.
Classroom Conduct: Students shall uphold all professional standards while in class. Proper uniforms shall be worn, and proper language shall be used. Sleeping in class is prohibited. If you are experiencing difficulty staying awake at your desk, stand in the back of the room. No food or smokeless tobacco in the classroom/labs. Beverages in closed containers only. Cell phones must be silent during class.
The section leader will record attendance and bring the class to attention at the beginning and end of each class. If the instructor is late more than 5 minutes, the section leader will keep the class in place and report to the Computer Science department office. If the instructor is absent, the section leader will direct the class in productive work.
Late Policy: Unless otherwise specified, assignments (labs) are due one minute before lab or class on the due date (electronically and paper). Assignments with paper copies must be turned in before the start of lab/class on the due date. If the paper copy is later than this, then the whole assignment will be treated as if submitted when the paper copy arrives. Blackboard quizzes will typically be due at 1000 each Wednesday.
Weekend days count as full late days. An assignment due on Friday is 3 days late if turned in on Monday. Partial days are rounded up.
You are encouraged to turn everything in on time like the responsible adult that you are. However, unexpected events do happen, so you have 5 floating grace days to use during the semester. You may spread these out over any number of assignments. For instance, you may use 3 grace days on one lab, and 2 grace days on another. After using all of your grace days, you will receive a 0 (zero) on any late assignment thereafter. Weekend days count as full late days.
Please note: grace days are intended to flexibly handle things like illnesses, injuries, and stressful circumstances. You shouldn't have to worry when these things happen. This is your safety net. However, if you use up your 5 days for "trivial" reasons, and then you fall ill, please consider what you're asking before pleading for extra late time.
|6 weeks||12 weeks||Final|
The project grade will be based upon the instructor's estimation of the group's collective results, adjusted for each team member based upon the other group members' estimation of the individual's contribution.
The 6- and 12-week exams will primarily focus on the recent material. The final exam will be comprehensive. If for some reason a make-up exam is required, inform the instructor at least 1 week in advance.
Expect the exams to challenge your understanding of the underlying principles involved - being able to "eventually" get some web program to "work" via trial and error is not sufficient understanding for your current education and for your ability to learn new developments in the future.
- Server-side programming with Python
- Web protocols - HTTP, HTTPS
- Authentication: HTTP Basic authentication, digest, form-based authentication
- Cookies, sessions
- Relational database model and SQL
- Web applications with a database back-end
- Database security
- CSRF, XSS attacks
- SQL injections
Assoc. Prof. Adina Crainiceanu, Course Coordinator
CDR. Mike Bilzor, Computer Science Department Chair