Web-Technology Exam preparation.


Exam
When: 12-4-2017 at 13.30-15.30
Where: EDUC-ALFA
Retake:
The exam is closed-book
Closed-slides
Closed-notes
Closed-laptop
Closed-phone
Closed-neighbour
You can use scratch paper, of course
Neither paper nor pens/pencils will be provided

More deadlines
10/04/2017: Assignment 3 submission
19/04/2017: Assignment 3 grades are posted
21/04/2017: Deadline for Assignment 3 grades to be disputed
25/04/2017: Final Exam grades are e-mailed to you
25/04/2017: Course grades are entered into Osiris
Until 31/04/2017: Come to my office if you have questions about the final exam grade

Materials for exam preparation
Lecture Slides
Reading page

Topics: a look back
Lecture 1: History of the Web; Web standardization
Lecture 2: OSI model; TCP/IP; URL, URI, URN; HTTP; HTML
Lecture 3: HTML5; CSS(3.0)

Topics – a loooong look back
Lecture 4: Basics of JavaScript; Objects, Prototypes and Inheritance; Functions; Types and type conversion; DOM Events
Lecture 6: BOM; Event model; Event propagation; Cookie

Topics: keep looking back
Lecture 7: Callback functions; jQuery; Client-server architecture; Intro to Node.JS
Lecture 8: Building a simple Web App with Node.JS; HTTP Request/Response; Serving Static Files; Handling Errors; Form processing; File Uploads; JSON

Topics: looking back a bit more
Lecture 9: Connect.JS; Building Web Apps using Middleware; Connect’s built-in middleware; Typical middleware (handling errors, serving static files, parsing cookies, etc.); AJAX
Lecture 10: Stateful Web; Building up state in the URL, ...using hidden input fields, ...or cookie or local storage; Sessions; Web-based databases; Node.JS meet SQLite; Persistent Sessions

Topics: and a bit more
Lecture 11: Stateful Web with AJAX; AJAX with JQuery; Express.JS; Setting up Web Apps; Routing; Serving Static files; Handling errors; Template engines
Lecture 12: Social Web; History and types of social Web Apps; Features of social Web; Current trends in Social Web development

Topics: still not looking forward
Lecture 13: Semantic Web; RDF; RDFS; Ontologies and OWL; Schema.Org; Google’s Knowledge Graph; Facebook’s Open Graph
Lecture 14: Adaptive Web; Adaptive Systems; User modelling; Personalized Information Access; Adaptive Search; Adaptive Hypermedia; Adaptive Recommendation

Topics: almost there
Lecture 15: Web App Security; Information Leakage and Improper Error Handling; (SQL) Injection; Cross-Site Scripting (XSS); Insecure Direct Object Reference; Missing Function Level Action Control

Types of question: Conceptual understanding
Which of the following statements is not true? Select one answer.
a. HttpOnly cookies cannot be sent over HTTPS.
b. Secure cookies cannot be sent over HTTP.
c. The underlying problem of XSS is a lack of input validation.

Types of questions: Code analysis
Given the following JavaScript code:

    x = "3" + "14";
    alert(x);

What will be presented in the alert box?

Types of questions: Code completion
The following server code is vulnerable to SQL injection.

    // …
    String query = "SELECT user_id FROM user_data WHERE "
        + "user_name = '" + req.getParameter("user")
        + "' AND user_password = '" + req.getParameter("password") + "'";

Specify which input should be placed in the query string within the empty rectangle to exploit this vulnerability.

    http://badwebsite.my/process?user=[          ]&password="whatever"
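
A hardened counterpart to the vulnerable query above, as an added example that is not part of the original slides: the SQL text is a constant and both request parameters are bound through a JDBC PreparedStatement, so quote characters in the input stay data. The class name LoginQuery, the integer type of user_id and the JDBC URL passed as the first argument are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.OptionalInt;

public class LoginQuery {

    // Same lookup as the exam snippet, but the statement text never changes:
    // the two '?' placeholders are filled in by the driver as values.
    static final String SQL =
        "SELECT user_id FROM user_data WHERE user_name = ? AND user_password = ?";

    static OptionalInt findUserId(Connection conn, String user, String password)
            throws SQLException {
        // getParameter() returns null for a missing parameter; treat as no match.
        if (user == null || password == null) {
            return OptionalInt.empty();
        }
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, user);      // bound as a string value
            ps.setString(2, password);  // bound as a string value
            try (ResultSet rs = ps.executeQuery()) {
                // user_id is assumed to be an integer column
                return rs.next() ? OptionalInt.of(rs.getInt("user_id"))
                                 : OptionalInt.empty();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        if (args.length != 1) {
            System.err.println("usage: java LoginQuery <jdbc-url>");
            return;
        }
        // args[0]: JDBC URL of a database containing user_data (assumption)
        try (Connection conn = DriverManager.getConnection(args[0])) {
            // Constructed input with an apostrophe: it is compared literally
            // against user_name instead of ending the string in the SQL text.
            OptionalInt id = findUserId(conn, "o'brien", "whatever");
            System.out.println(id.isPresent() ? "user_id=" + id.getAsInt() : "no match");
        }
    }
}
```

The comparison against a stored password mirrors the exam snippet's schema; binding parameters addresses the injection only.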

Types of questions: CU + CA
Put the following ways of attaching event handlers in order of desirability, most desirable (top) to least desirable (bottom). E.g. “a, b, c”.
Order of desirability: ______________
a. myimg.onload = myFunc;
b. <img id="myimg" onload="myFunc()" src="myimage.jpg"/>
c. myimg.addEventListener("load", myFunc, false);

Types of questions: Draw a diagram
Draw an RDF graph representing the following set of statements:

    <rdf:Description rdf:about="http://en.wikipedia.org/wiki/Tony_Benn">
      <dc:title>Tony Benn</dc:title>
      <dc:publisher>Wikipedia</dc:publisher>
    </rdf:Description>

Types of questions: Tricky
Given the following HTML:

    <h3>This is a header with specified margin</h3>
    <p>This is a paragraph with specified margin</p>

And given the following CSS:

    h3 {
      margin-top: 25px;
      margin-bottom: 50px;
    }
    p {
      margin-top: 75px;
      margin-bottom: 75px;
    }

In the browser, this leads to a certain distance between the two HTML elements.
Indicate the distance between the two HTML elements in pixels (px): _________

Grading the exam
Questions will have different weights
Weights are not known to you in advance
The exam grade will be curved
Minimal requirement
Show effort
The final grade: 10%+20%+40%+30%
Non zero exam grade requirement