Skip to content

UMD-CS-STICs/CMSC388J-s20

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Building Secure Web Applications with Python and Flask

Flask Logo

This course is an introduction to building secure, full-stack web applications with Python and Flask. We'll start with Python and Flask, and then subsequent weeks will cover how to add Flask extensions to your applications to implement common web app functionalities, how to protect your website from bad actors, and more! At the end of the course, you'll be able to deploy your app for the world to see.

Course Details

  • Course: CMSC388J
  • Prerequisites: C- or better in CMSC216 and CMSC250
  • Credits: 1
  • Seats: 32
  • Lecture Time: Tuesdays, 5-5:50 PM (all sections)
  • Location: HBK 1112
  • Semester: Spring 2020
  • Textbook: No textbook, all materials are provided and documentation is online
  • Course Facilitators: Kenton Wong, Yashas Lokesh
  • Faculty Advisor: Michael Marsh
  • Syllabus last updated: April 28th, 2020
  • Previously offered: Fall 2019

Topics Covered

  • Python
    • Variables, expressions, operators
    • Iterations, conditionals, collections
    • Functions
      • As first-class objects
      • Decorators
    • "Main" function
    • Built-in functions
  • Web Application Security
    • Cross-site scripting (XSS)
    • Cross-site request forgery (CSRF)
    • SQL injections
    • Man-in-the-Middle attacks (MitM)
    • Token & Two-factor authentication
  • Flask
    • Routing your web app
    • Templating
    • Adding extensions for more features
      • WTForms
      • SQLAlchemy
      • Talisman
      • Login
      • Creating your own
    • Logging
    • User Management
    • Blueprints
  • HTML/CSS/JS
    • Bootstrap
    • Integrating other frameworks
    • Custom CSS/JS configuration
  • SQL
    • SQLite
    • PostgreSQL
  • App Deployment
    • Heroku
    • Python Anywhere
    • Possibly: Google App Engine, AWS
  • Payments Integration
    • Stripe (possibly others, we're open to suggestions)
  • Version Control
    • Git

Schedule

Week Topic Assignment
1 Intro to Python Python practice (P1) assigned
2 Flask Intro P1 due, P2 assigned
3 Forms, CSRF
4 Databases, Injection Attacks P2 due, P3 assigned
5 User Management
6 File Uploads, Bootstrap P3 due, P4 assigned
7 In-depth CSS & JS*
8 SPRING BREAK
9 SPRING BREAK
10** Extensions (opt., publishing), Logging P4
11** HTTP Headers & Talisman Final project assigned
12** Blueprints
13** Two-factor Authentication Final project proposal due
14** Deploying your app
15** Payments with Stripe* Final project due last day of finals (5/20)
  • See Fluid Schedule & Online Class Schedule sections below

Fluid Schedule

Weeks 7 and 15 will have a main topic of discussion, but during these weeks, we'll also try to teach topics requested by the students. So if you guys feel like you need more info about a certain topic during class, or just want to learn a new idea altogether, let us know, and we'll try to add it in.

We'll send out information on how you can let us know anonymously; surveys will probably be conducted anonymously on ELMS.

Online Class Schedule

Starting from Week 10, classes will be online; we will add the slides for the topics of the week to the shared Google Drive folder, and we will be holding a Q&A session during classtime on Zoom.

Grading

Grades will be maintained on ELMS. You will be responsible for all material discussed in lecture as well as other standard means of communication (Piazza, email announcements, etc.), including but not limited to deadlines, policies, assignment changes, etc.

Your final course grade will be determined according to the following percentages:

Percentage Title Description
60% Projects Weekly projects to test knowledge of topics taught in class
40% Final Project Final project - creating app from scratch

Any request for reconsideration of any grading on coursework must be submitted within one week of when it is returned. No requests will be considered afterwards.

Projects

The project is due the day it is scheduled to be due, barring any extensions that may be given out. They will be due at 11:59 PM. Not all of the projects will have tests; they will be graded according to a rubric which will also be provided. All projects must be submitted online on ELMS.

Project weighting will be determined at a later time.

Late Policy: Projects may be submitted up to three days late for 10% off your earned grade, each day. After this, no more projects will be accepted. The highest score you get on the project, counting late and on-time submissions, will be your grade for that project. There are no exceptions unless you've talked with us beforehand or provide a valid excuse.

We will look at your most recent on-time and late (if applicable) submissions when grading.

Final project

The final project will use everything you have learned in class before and will require you to build a Flask web application from scratch with a group or individually, and deploy the app on a hosting platform. Requirements for the final project will come out in the shared Google Drive folder towards the end of the semester.

Outside-of-class communication with course staff

We'll communicate through students mainly through Piazza and through office hours.

Office hours: Thursdays, 2-3 PM, IRB tables

Please use Piazza as your primary communication with the course staff, we'll get back to you the quickest on Piazza. If you absolutely cannot use Piazza, then email us; if you are emailing Yashas or Kenton, make sure to CC the other. Additionally, please include [CMSC 388J] at the start of your subject line so we don't accidentally ignore your email.

Instructor:

Dr. Michael Marsh - [email protected]

Facilitators:

Yashas Lokesh - [email protected]

Kenton Wong - [email protected]

Excused Absence and Academic Accommodations

See the section titled "Attendance, Absences, or Missed Assignments" available at Course Related Policies.

Disability Support Accommodations

See the section titled "Accessibility" available at Course Related Policies.

Academic Integrity

Note that academic dishonesty includes not only cheating, fabrication, and plagiarism, but also includes helping other students commit acts of academic dishonesty by allowing them to obtain copies of your work. In short, all submitted work must be your own. Cases of academic dishonesty will be pursued to the fullest extent possible as stipulated by the Office of Student Conduct.

It is very important for you to be aware of the consequences of cheating, fabrication, facilitation, and plagiarism. For more information on the Code of Academic Integrity or the Student Honor Council, please visit http://www.shc.umd.edu.

Course Evaluations

If you have a suggestion for improving this class, don't hesitate to tell the instructor or TAs during the semester. At the end of the semester, please don't forget to provide your feedback using the campus-wide CourseEvalUM system. Your comments will help make this class better.

**

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published