The University of Arizona

CSc 397b -- Web Application Development with PHP and MySQL

Fall 2007

Contact Information
Please see the syllabus to find out whom to direct your specific questions to.
Instructor: Justin Samuel (Email: jsamuel)
Instructor of Record: Rick Mercer (Email: mercer)
Date Notes
Week 1:
Aug 20
What we did
  • Course Introduction
  • Handed out Course Syllabus
  • Walked through mapping a Windows drive to bitmonster (a.k.a. /cs/extra)
  • Walked through download and usage of a userspace WAMP system: UniformServer
  • Walked through download and usage of Eclipse+PDT all-in-one package
  • PowerPoint presentation on web applications in general.
  • Security demonstration: Cross-Site Scripting (XSS). Note that this was just a quick demo to give an initial idea of how web applications can be insecure. We will delve into more details throughout the rest of the course.
Assignment
Before next week's class, please:
  • Make sure you have Uniform Server and Eclipse+PDT working in the lab - email Justin if you have difficulties with either of these.
  • Read Bruce Schneier's article Debating Full Disclosure
  • Read The Chilling Effect from CSOOnline.com.
Week 2:
Aug 27
What we did
  • Made sure everyone had Uniform Server up and running
  • For those who didn't get Eclipse+PDT working, that's fine: Textpad can be used and is already installed in the lab.
  • Went through lesson 2 [Zip file]
    • Intro to HTML
    • Intro to CSS
    • Intro to PHP
    • Intro to forms and form data processing
  • Discussed non-persistent Cross Site Scripting (XSS) attacks
    • Showed how using htmlspecialchars (with ENT_QUOTES) isn't always enough to protect against XSS
    • Discussed and demonstrated filter evasion
    • Showed a useful resource for learning and testing: XSS Cheat Sheet
Week 3:
Sep 3
No class

Labor Day.

Week 4:
Sep 10
Lesson 3

Get the files for lesson 3: [Zip file]

Week 5:
Sep 17
Lesson 4

Get the files for lesson 4: [Zip file]

Note: 4.zip updated on 9/23 to correct errors/missing content in what I gave you last week.

This week we dove into SQL and covered INSERT and a little bit of SELECT.

Week 6:
Sep 23
Lesson 5

Get the files for lesson 5: [Zip file]

This week we are going to cover SQL SELECT, UPDATE, and DELETE statements, as well as actually spend time working on exercises where you'll get to use what you've learned so far.

Week 7:
Oct 1
Lesson 6

Get the files for lesson 6: [Zip file]

Week 8:
Oct 8
Lesson 7

Get the files for lesson 7: [Zip file]

Week 9:
Oct 15
Lesson 8

Get the files for lesson 8: [Zip file]

We were not able to do the lesson this time because Bitmonster was down, which affected most of us. We talked security instead.

Week 10:
Oct 22
Lesson 8

We actually did lesson 8 this week.

Week 11:
Oct 29
Lesson 9

Get the files for lesson 9: [Zip file]

Started the class project: a secure blog system from scratch.

Week 12:
Nov 12
Veterans Day, no class
Week 13:
Nov 19
Lesson 10

Get the files for lesson 10: [Zip file]

Week 14:
Nov 26
Lesson 11

Get the files for lesson 11: [Zip file]

Week 15:
Dec 3
Lesson 12

Get the files for lesson 12: [Zip file]