Notes Index for Web App Sec

• Intro: Crash Course on Client-Side Development, Connect To Cloud9
• Serving Data: SQL (sqlite), PHP, and quick servers
• Requesting Data: AJAX/Fetch, HTTP and various ways to make requests
• Understanding Servers: File Servers, htaccess, writing your first API
• Hosting with Heroku: Our first semi-permanent hosting solution.
• Practicing the craft: micro project management and a forum
• Sessions, Cookies, and Session Hijacking
• Passwords, storage, stretching and salting
• Text-Twist Submission Instructions
• Practical Entropy, first SQL injections.
• Our first CTF together.
• REST APIs by example
• Node and Express start from Scratch
• Web Exploit Practice via live CTF
• Firebase Introduction (Hosting, OAuth, Real-time DB, Micro-services/Functions)
• Live Demo building a networked web game with Firebase (added content after class)
• Role-Based Access Control (RBAC) in theory and in practice