A brief overview of the entire course
The CA plans for Enterprise Web Development and Mobile Application Development
The specification for Assignment 2 + summary of grading approach & weightings
Final Presentation Schedule
An outline of the scope and timelines of work placement project
Detailed guidelines on your work placement project.
Detailed guide to your work placement
JavaScript, an introduction to the language of the web.
Continuing introduction to the language including the topics of identifiers, operators and contol flow techniques.
Simple JavaScript client-side applications. Introducing Chrome Developer tools.
The DOM: Javascript manipulates the contents of the web page through a standard abstraction called the Document Object Model (DOM), hence the reason for this brief introduction.
jQuery: although not as popular as it once may have been, rumours of its death have likely been greatly exaggerated. Undoubtedly losing ground to modern frameworks. it will still probably be in widespread use for quite some time yet.
Concluding our introduction to JavaScript with a brief discussion about Ajax.
APIs in Ajax
Review the FoureSquare api and the venues end point. Show how the browser, a dedicated rest tool and a node programme can access this API
What is node? What is its role in modern development? We look at some key characteristics of the platform
A look at the components of node, its versioning systems, and key advantages
Examine how node is programmed. Explore callback styles, modules and node program structure.
Enumerate the core building blocks of hapi and explain how these are assembled into a simple application.
Explore how to server simple views using the Hapi Inert plugin
Extend the static view with more dynamic capabilities with the vision plugin and the handlebars templating engine.
A review of the exercises in the last lab + a tour of the freecodecamp javascript lesson plan
Introduce Hapi, positioning it within the spectrum for Node Frameworks. Identify Hapis' unique features.
Keeping track of the currently logged in user is a challenge - as HTTP is, by definition 'stateless'. Hidden form fields, url rewriting and cookies are three common techniques for implementing sessions.
The hapi-auth-cookie provides cookie management for Hapi applications, facilitating creating, read and delete of secure browser based cookies.
Brief discussion on arrays and global variables.
A short introduction to Promises, a new feature is ES6, to simplify asynchronous programmming.
A review of the NoSQL movement and some of its key characteristics
Installing, connecting to and initialising Mongoose/MOngo db from a node application.
Creating and using Objects in Mongo, using its promise based API
Exploring some of the expressive features of the language, such as functions as first class objects. Brief encounter with some of the newly introduced functionaliy as part of ECMAScript 2015 (ES6).
Joi is a node validation module providing general purpose schema based validation.
Hapi & Joi can work together to deliver easy to configure declarative validation for handlers.
Examining closure and scope
Callbacks are gradually being replaced with Promises in some modules and components. We review callbacks again here and look at how promises approach the same tasks.
Heroku is a PaaS, supporting node and a variety of other application types. We review here the steps involved in deploying a node app.
Creating and maintaining relatopnships between mongo documents enable powerful models to be constructed and queried.
Seeding the database can simplify exploratory development, prepopulating the database with simple test data during development.
Users should be able to donate to different candidates. We extend the model to include Candidates, incorporating candidate references into donations.
An Application Programmer Interface is the published set of http endpoints and messages that a service can support. API design and implementation is a rich field of study - here we take a general overview.
Expose access to the Candidates model as a REST endpoint. This involved defining new routes and handlers, which respond simple JSON representations.
Tools like Postman and Insomnia usefully exercise endpoints. However, we can also exercise them problematically, which offers some significant advantages.
Setting the scene
Crash course in cryptography for first lab exercise
Very short talk on standard security services
Data encryption using symmetric and public-key techniques
Hash functions; message authentication codes; digital certificates
Transport Layer Security (TLS), formerly SSL
Test Driven Development has been among the most influential approaches in recent software engineering history. Here we look at its origins, principles and some of the important benefits of the approach.
The essential elements of TDD are fairly easy to grasp. The support libraries (xUnit) are relatively straightforward, and we can expect our IDE to provide direct assistance to using these libraries. Here we look at the facilities Eclipse provides to the JUnit library.
One way of becoming familiar with TDD is to explore some simple examples of various strategies that might be employed in some simple examples. Here we look the evolution of a simple Stack class.
Accessing http and the donations api can be encapsulated in purpose built classes. We can then simplify the tests significantly, and expand them to be a more comprehensive exercise of the API.
OWASP's "Ten Most Critical Web Application Security Risks"
Security requirements analysis using misuse cases
This assignment requires you to prepare a report based mainly on your practical experience with web application security.
HTTP is the heartbeat of the Web, and the key protocol through with both applications and services communicate. A general understanding of it is a key part of a developers knowledge base.
Completing the Donation API involves constructing more complex so called 'Restful' endpoints, which serve to introduce references between entities in our model.
Authentication techniques
Delegated access technique
A standard Java project to implement a JUnit set of tests of the donation Service API. This is essential to ensure the stability and robustness of the REST interface.
Building a first aurelial app using the aurelia-cli + webstorm. Explore the basics of viewmodels, views + binding.
Testing for vulnerabilities; attack techniques
Cleaning and filtering input
MVC & MVVM are patterns that layout potential approaches to GUI application development.
Imports & Decorators are ESNext features that are central to Aurelia. In particular they are used to pwoerfull effect to realise Dependency Injection capabilities.
View-Models can be composed from other view-models, creating a reusable ecosystem of pluggable building blocks.,
This is a component in the Aurelia framework which delivers http client access. We will need some work on the server for it to be accessed from an aurelia client.
The class can now be reimplemented to use the aureli-http-client. Existing data binding relationships should not need to be changed.
Json Web Tokens is a prominent authentication mechanism securing APIs. A review of its general principles.
