CMSC388J: Building Secure Web Applications
(Fall 2024)

This course is an introduction to building secure, full-stack web applications with Python and Flask. We'll start with Python and Flask, and then subsequent weeks will cover how to add Flask extensions to your applications to implement common web app functionalities, how to protect your website from bad actors, and more! At the end of the course, you'll be able to deploy your app for the world to see.

Disclaimer: The syllabus is subject to change throughout the course of the semester.

Course Details

Staff

Contact

If you are emailing one of the facilitators, make sure to CC the others. Additionally, please include [CMSC 388J] at the start of your subject line. You are welcome to contact us via Discord as well.

The course will use Discord for Q&A, discussions, and announcements. You must make your nickname your first and last name.

Discord Link: https://discord.gg/7Ufjg7bk4Q

Office Hours

There are currently no set office hours.
Email or DM us on Discord to schedule a meeting.

Topics Covered

Schedule

| Week | Date | Topic | Assignment |
|------|-------|-------|------------|
| 1 | 08/30 | Intro to Python, GitHub Classrooms | P1 assigned |
| 2 | 09/06 | Intro to Flask | P1 due, P2 assigned |
| 3 | 09/13 | Forms | |
| 4 | 09/20 | MongoDB setup (interactive) | P2 due, P3 assigned |
| 5 | 09/27 | State Management (users) | |
| 6 | 10/04 | Files, Blueprints, Errors | P3 due, P4 assigned |
| 7 | 10/11 | CSS, Tailwind, npm | |
| 8 | 10/18 | Tailwind setup (interactive) | P5 assigned 21st |
| 9 | 10/25 | JavaScript | P4 due |
| 10 | 11/01 | APIs | Proposal assigned |
| 11 | 11/08 | Deployments, Vercel (interactive) | P5 due, Proposal due, Final Project assigned |
| 12 | 11/15 | OH | |
| 13 | 11/22 | OH | |
| 14 | 11/29 | BREAK | Course Evals open 11/27 |
| 15 | 12/06 | OH | Course Evals due 12/10 |
| 16 | 12/13 | Final Due | Final Due |

Projects

Projects are due at 11:59 PM on their due date. There will not be time in the schedule for blanket extensions. All projects must be submitted online via Gradescope. If there is concern about your score, let the instructors know.

Final project

The final project will use everything you have learned in class and will require you to build a Flask web application from scratch and deploy the app on a hosting platform. Requirements for the final project will come out towards the end of the semester.

Grading

Grades will be maintained on Gradescope. This course includes extra credit. Gradescope doesn't support extra credit, so each assignment's total score will include all extra credit points. We will calculate letter grades at the end of the course, taking into account all extra credit.

Your final course grade will be determined according to the following percentages:

| Percentage | Title | Additional Info |
|------------|-------|-----------------|
| 60% | Projects | 5 projects totaling to 60% of overall grade. |
| 40% | Final Project | Groups of 3-4 make a website using the skills learned in class. |

Robustness

If we perform any typical user actions on the website (e.g., clicking on links, navigating to different parts of the website using links, navigating to different parts of the website with direct URLs) and this causes a crash (a Flask error shows up on screen or the app crashes), then you may lose up to 50% of your final score for the project, depending on the severity of the error.

An example of a small error: syntax error in a Jinja template.

An example of a large error: a view function not being configured properly.

Late Policy

Projects may be submitted up to 3 days late for 10% off your earned grade per day (for a total of 30% off). After this, you will receive a 0%. There are no exceptions unless you've talked with us beforehand and provided an accepted excuse.

For each project, the highest score you get on it, counting all late and on-time submissions, will be your grade for that project.

University Policies

COVID-19 Guidance

See the COVID-19 Information webpage for the latest information. Currently, masks are not required inside classrooms but are recommended.

Excused Absence and Academic Accommodations

See the section titled "Attendance, Absences, or Missed Assignments" available at Course Related Policies.

Disability Support Accommodations

See the section titled "Accessibility" available at Course Related Policies.

Academic Integrity

Note that academic dishonesty includes not only cheating, fabrication, and plagiarism, but also includes helping other students commit acts of academic dishonesty by allowing them to obtain copies of your work. In short, all submitted work must be your own. Cases of academic dishonesty will be pursued to the fullest extent possible as stipulated by the Office of Student Conduct.

It is very important for you to be aware of the consequences of cheating, fabrication, facilitation, and plagiarism. For more information on the Code of Academic Integrity or the Student Honor Council, please visit http://www.shc.umd.edu.

Course Evaluations

If you have a suggestion for improving this class, don't hesitate to tell the instructor or facilitators during the semester. At the end of the semester, please don't forget to provide your feedback using the campus-wide CourseEvalUM system. Your comments will help make this class better.