Web Software Development
Lecture 7 – 7.12.2023
Agenda
Web Security Basics
E.g. a study from University of Maryland with four servers – an attack on average every 39 seconds.
E.g. Verizon Data Breach Investigations Report – 74% of breaches involve the human element.
Broken Access Control
Cryptographic Failures
Injection
…
Injection demo: A buggy application.
Deployment and Docker
Multi-stage builds with Docker
Example Dockerfile
FROM node:21-alpine AS client
WORKDIR /app
COPY ui/ .
RUN npm install
RUN npm run build

FROM denoland/deno:alpine-1.37.0
WORKDIR /app
COPY api/ .
RUN deno cache app-run.js
COPY --from=client /app/build /app/static
CMD ["run", "--allow-net", "--allow-read=static", "app-run.js"]
Build client-side functionality.
Build and define server-side functionality.
Copy specific contents from the client-side image to the server image.
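A hardened variant of the Dockerfile above, as an added example that is not part of the lecture material: it installs client dependencies from the lockfile and runs the server as an unprivileged user. It assumes ui/package-lock.json exists and that the application listens on an unprivileged port.

```dockerfile
# Added example, not the lecture's Dockerfile. Assumptions are marked inline.
FROM node:21-alpine AS client
WORKDIR /app
# Assumption: ui/package-lock.json is committed. "npm ci" installs exactly the
# locked versions and fails if package.json and the lockfile disagree.
COPY ui/package.json ui/package-lock.json ./
RUN npm ci
COPY ui/ .
RUN npm run build

FROM denoland/deno:alpine-1.37.0
WORKDIR /app
COPY api/ .
RUN deno cache app-run.js
# Only the built static files cross over; node_modules and the Node.js
# toolchain stay behind in the "client" stage.
COPY --from=client /app/build /app/static
# Run as the unprivileged "deno" user that the official image provides,
# instead of root. The application files stay root-owned and read-only to it.
USER deno
# Permissions unchanged from the lecture. --allow-net can be narrowed further
# to the listen address, e.g. --allow-net=0.0.0.0:<port> (port not given here).
CMD ["run", "--allow-net", "--allow-read=static", "app-run.js"]
```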
Multi-stage build demo
Note! This requires creating the client-side functionality so that it can be served as a static site.
Like we’ve done in the course :D
Deployment with Docker?
Most online platforms provide the possibility to deploy a Docker image.
Demo with Render.
A brief note on continuous integration and continuous deployment.
Other Frameworks and Languages
There is no single correct choice.
The team responsible for each specific part picks the technologies that they believe work best for that part.
Example: Our course platform
Requesting Credits
What’s next?
Will be updated ~April 2024.
Will also update the new version of CS-C3170 in the Spring of 2024 based on feedback.
Retrospective?
Think of the course as a whole. Which one aspect of it would you wish to keep?
Think of the course as a whole. Which aspect of it would you wish to change?
Final words – DALL·E 3
Q: Hi! Could you summarize contemporary web development in one image?
A: .. The image captures various elements central to modern web development, such as a laptop with a web design interface, cloud computing, automation tools, responsive designs on mobile devices, snippets of coding languages, cybersecurity, and icons for popular web technologies.
Oh well, thanks for joining in and happy holidays!