CSE312: Web Applications

Fall 2022

Submit assignments here
Watch past lectures
Ask questions and find office hours
Chat with other students

Course Description

Covers the fundamentals of full-stack web development and deployment with a strong emphasis on server-side code and functionality. Students will develop a full-stack web application without the use of a pre-existing web server or web framework. Topics include HTTP, APIs, AJAX, databases, encryption, authentication, sockets, privacy, and security.


To do well in this course you are expected to:

  • Have a desire to learn about Web Applications
  • Be able to develop software with little guidance
  • Be able to find, read, and understand technical documentation
  • Spend a minimum of 12 hours/week on CSE312


Your final grade will be determined by the following percentages:

Lecture Questions 10%
Homework 60%
Team Project 20%
Team Project Presentation 10%

Your final letter grade will be determined by the following cutoffs:

92%+ A
89% - 92% A-
86% - 89% B+
83% - 86% B
80% - 83% B-
77% - 80% C+
74% - 77% C
70% - 74% C-
< 70% F

Lecture Questions: Most lecture will contain a simple, usually multiple choice, question for you to answer during lecture. Of these questions, 10% of them will be dropped. For example, if we have 40 lecture questions throughout the semester, you can miss 4 of them and still earn the full 10% towards your final grade.


There is no textbook for this course. Links to relevant readings and tutorials will be provided in the course schedule.

Academic Integrity

CSE Department Academic Integrity Policy:

UB Academic Integrity Policy:

In addition to the department and university policies, the following details apply to this course.

All submitted work must be of your own creation and you must not share your submission with anyone else. If any submission is very similar to what has been submitted by another student, or can be found online, it is in violation of this courses academic integrity policy and all students will be penalized whether they were copying or sharing their submission with other students so they can copy. If two submissions are similar beyond what is likely if the students worked independently, then both students are in violation of the academic integrity policy.

All violations will result in:

An F in CSE312.

It is your responsibility to understand what constitutes an academic integrity violation. If you have any question whether something you are doing is a violation or not, ask for clarification before receiving an F in the course. I will not entertain excuses after you have been caught.

Examples of acceptable behavior:

  • Discussing an assignment with your classmates and brainstorming abstract solutions, then writing code and documentation independently
  • Searching the Internet for supplementary material on the course topics
  • Asking the teaching staff for clarification on a homework question
  • Collaborating with your team mates on the team project

Examples of unacceptable behavior:

  • Falsifying a homework submission form. Ex. Claiming to have completed an objective that you did not complete.
  • Submitting code or other work that is not your own for course credit.
  • Allowing another student to see your code or submission for an assignment. (Ex. Sitting side-by-side while working on a homework such that you can see each other screens)
  • Collaborating with another student to write code or documentation for a homework assignment.
  • Allowing another student to access your work that will be submitted for course credit. (Ex. Do not post you code publicly, host your code in a public repository, or allow anyone to access your laptop)
  • Copying a large amount of material found on the Internet into your submission.
  • Writing project code for a teammate and allowing them to represent it as their own.



Each assignment will be a programming/development assignment with a submission of your software on AutoLab, though there will be little/no automated grading in this course. You will submit all of the code and files that comprise your software on AutoLab in a single zip file.

The following apply to all homework assignments except where exceptions are explicitly stated:

  • You may choose any programming language you prefer
  • No external libraries or frameworks are allowed if the library implements functionality that we covered in class (TCP and concurrency exception below for certain languages)
  • Any libraries/packages/classes/functions/etc included with your language of choice that complete part of an assignment - related to the course content - for you are not allowed. This includes any and all HTTP libraries and frameworks
  • Code included with your language of choice that handles TCP socket servers and concurrency are allowed. Most assignments will start with a TCP socket server upon which you'll develop a web server. Industry standard external libraries for TCP and concurrency are allowed if they are common in the community for your language (Ex. Akka for Scala).
  • If you have any question whether or not something is allowed, please ask before the assignment is due. In general, if I explained something in detail during lecture then you must write all the code that implements those details.



You'll work in teams of 4-6 to create a web application.

Follow the requirements in the following document to ensure that you complete the project as expected.

Weekly Meetings

All scheduled recitation sections are cancelled and replaced with team meetings which will start on week 5 of the semester. Your team will schedule a time and location for these meetings and all team members will submit the team meeting form after each meeting.

Team Meeting Form

Meeting submissions and peer evaluations will be used to adjust individual grades at the discretion of the course staff. The average individual score for a team will equal the team score for each phase (ie. An entire team will not be penalized based on meetings and evaluations). Individual grade adjustments will not result in a score > 100%.


The entire project is due after the last day of classes. There is no physical submission at the deadline. After the dues date, we will clone your repository and grade based on the code you've pushed.

Specific requirements for the project and presentation:

Open-Source Reports

As opposed to the homework assignments, you are allowed to use external libraries, frameworks, and services for your project. For example, instead of building your site starting with a TCP socket server you can use technology such as Express, Flask, Django, React, Angular, Handlebars, Socket.io, etc. However, you are required to write several reports explaining how these libraries function. See the project requirements document for specific requirements on the reports that need to be written.

Each report must answer:

  • What does this technology (library/framework/service) accomplish for you?
    • Explain what this technology does in your project. What problems does it solve for you?
  • How does this technology accomplish what it does?
    • Explain in detail how this technology works. You must include links to any relevant code within the libraries themselves (Not your code where you use the library). You must include links to the exact code that solves your problem for you.
    • Ex. If you use express for your web framework you must explain how express handles an HTTP request and link to the exact code on GitHub that parses HTTP headers.
  • What license(s) or terms of service apply to this technology?
    • When using technology you did not write you will be subject to certain agreements. List any licences attached to the project (Ex. MIT, Apache) and what that license means for your project. If using a service, review the terms of service and explain all the implications of these terms for your project.

Why?: Developing a website using existing frameworks/libraries/services does not require years of CSE education and is not appropriate for a project in a 300-level technical course. The use of frameworks/libraries/services are required for this project, and strongly encouraged outside of this course, but you must prove that you understand what is being done for you by other developers and how they do it. In this course, you cannot use technology that you do not understand.

If any reports are missing, inadequate, or don't go into enough depth, the team is in violation and the project may become invalid. Consequences will be decided by the course staff on a case-by-case basis which can range up to a 0 for the entire project.


Project grading is based on your team's completion of each feature required for your project. Features will be equally weighted.

Note: If you complete a feature without complete reports, you will earn a 0 for that feature.

Security: If there are any security issues with your project that have been covered in lecture, your grade for each feature that exposes the vulnerability will be changed to 0. Your entire project grade may be changed to 0 at the discretion of the course staff and depending on the severity of the security vulnerability.

1 - HTTP and Docker
Homework 1
Week 1
Monday, August 29
Course Introduction and TCP/IP
<-- Slides
Wednesday, August 31
Friday, September 2
HTTP Request/Response
Week 2
Monday, September 5
No Class - Labor Day
Wednesday, September 7
HTTP - Static Files, MIME Types, and Encodings
Friday, September 9
Week 3
Monday, September 12
Wednesday, September 14
Friday, September 16
Testing APIs and docker examples
2 - Dynamic Site
Homework 2
Week 4
Monday, September 19
Front End Development - HTML/CSS + JavaScript
Wednesday, September 21
HTTP POST and Forms
Friday, September 23
HTTP POST - File Uploads
Friday, September 23 @ 11:59pm Team Formation Due
Week 5
Monday, September 26 @ 9:00am HW1 Due
Monday, September 26
Wednesday, September 28
Friday, September 30
HTML Injection Attacks
Week 6
Monday, October 3
Wednesday, October 5
Browser Extensions
Friday, October 7
AJAX and Polling
Week 7
Monday, October 10
No Class - Extra office hours in Davis 344 during lecture time
Wednesday, October 12
No Class - Extra office hours in Davis 344 during lecture time
Friday, October 14
No Class - Extra office hours in Davis 344 during lecture time
3 - WebSockets and WebRTC
Homework 3
Week 8
Monday, October 17
Wednesday, October 19
WebSocket Frames
Friday, October 21
WebSocket Examples
Week 9
Monday, October 24 @ 9:00am HW2 Due
Monday, October 24
WebRTC Overview
Wednesday, October 26
WebRTC Details
Friday, October 28
WebRTC Demos
Week 10
Monday, October 31
Examples and Architecture
Wednesday, November 2
Examples and Architecture
Friday, November 4
Examples and Architecture
4 - Authentication
Homework 4
Week 11
Monday, November 7
Wednesday, November 9
Authentication and Secure Password Storage
Friday, November 11
Authentication Tokens and Sessions
Friday, November 11 @ 11:59pm Team Project Reports Checkpoint
Week 12
Monday, November 14 @ 9:00am HW3 Due
Monday, November 14
Wednesday, November 16
Friday, November 18
Reverse Proxy Servers
Week 13
Monday, November 21
No Class
Wednesday, November 23
No Class
Friday, November 25
No Class
Web Apps
Week 14
Monday, November 28
Deployment with docker-compose
Wednesday, November 30
Deployment with docker-compose
Wednesday, November 30 @ 11:59pm Deadline to sign up for a presentation time
Friday, December 2
Deployment with docker-compose and certbot
Week 15
Monday, December 5 @ 9:00am HW4 Due
Monday, December 5
Project Presentations
  • Web Wizards.
  • 10 out of 10
  • MYPT
  • Nautical Nonsense
Wednesday, December 7
Project Presentations
  • ;DROP TABLE Groups;
  • Byte Crunchers
  • OneBeltOneRoad
  • MuggleMuggle
Friday, December 9
Project Presentations
  • Team 12
  • Le epic hax0rs
  • import length
  • 5bytes
Friday, December 9 @ 11:59pm Project Deadline
Wednesday, December 14
Project Presentations @ 3:30PM - 6:30PM in NSC 225
  • 404
  • The Hooligans
  • rand6
  • The Wily 5
  • AI Jesse
  • NFTY
  • eSlay
  • Programming Squad
  • theCoders
  • Steins;Gate
  • UniMarket
  • WebDevPro