Semester Offering: January
The World Wide Web has already revolutionized the way we work, learn, and publish. The Web not only dramatically increases the size of the potential audience for our content, but also makes it possible to bring physically disparate people together into more tightly-knit communities than hitherto possible. In this highly distributed and collaborative environment, Web application developers face the triple challenge of 1) system complexity, 2) massive concurrency, and 3) a fickle user base always ready to abandon one site for the next. In this course, students will learn to cope with these challenges by using appropriate technology and a user-centered approach to the design and construction of large-scale Web applications.

AT70.12 is a project-oriented course in which student teams will be paired with client organizations needing online community collaborative learning and information sharing systems. Using a Web server, programming language, and relational database of their own choice, students will take the system from an initial concept through the stages of requirements specification, design, implementation, and usability testing. Along the way, focused laboratory sessions will give students experience with specific technologies and techniques useful across many applications, and lectures will introduce students to the most recent developments in enterprise application frameworks, middleware, and thick clients. Students successfully completing Web Application Engineering will be competent database-backed Web application developers capable of designing, deploying, and maintaining large-scale services like


Web technology background. Software architecture for Web applications. Data modeling. Version control. Web application security. Ajax. Web services. Scaling Web applications.


Programming experience.


I. Web Technology Background

II. Software Architecture for Web Applications
1. Layering
2. Model-View-Controller pattern
3. Modern MVC frameworks

III. Data Modeling
1. SQL
2. Database normalization
3. Object-relational mapping

IV. Version Control

V. Web Application Security
1. Attack methods
2. Client authentication best practices
3. Cross-site scripting (XSS) and SQL injection attacks
4. Framework support for security

VI. Ajax
1. Client-side scripting
2. Browser support for asynchronous behavior
3. Ajax toolkits and frameworks
4. Ajax components
5. Comet and reverse Ajax

VII. Web Services
1. Representational state transfer (REST)
2. Resource-oriented analysis and design
3. Remote procedure call (RPC) services

VIII. Scaling Web Applications
1. Bottleneck analysis
2. Scaling strategies


Installing Linux, Apache, and PostgreSQL; Ruby on Rails; JSP; Eclipse IDE; User authentication; Flex; Ajax; REST; Load balancing.


E. Anderson, P. Greenspun, and A. Grumet.
Software Engineering for Internet Applications, MIT Press, 2006. Available free online at


M. Andrews and J.A. Whitaker. How to Break Web Software:
Functional and Security Testing of Web Applications and Web Services, Addison-Wesley, 2006.

H. Bergsten.
JavaServer Pages, 3rd edition, O'Reilly, 2003.

B. Collins-Sussman, B. Fitzpatrick, and C.M. Pilato.
Version Control with Subversion, 2007. Available free online at

D. Crane and P. McCarthy.
Comet and Reverse Ajax: The Next-Generation Ajax 2.0, Apress, 2008.

C. Fowler. Rails Recipes,
Pragmatic Programmers, 2006.

M. Fowler. Patterns of Enterprise Application Architecture, Addison-Wesley, 2003.

K. Fu, E. Sit, K. Smith, and N. Feamster,
Dos and don'ts of client authentication on the Web. In Proceedings of the 10th USENIX Security Symposium, 2001.

J. Gehtland, B. Galbraith, and D. Almaer.
Pragmatic Ajax: A Web 2.0 Primer, Pragmatic Bookshelf, 2006.

P. Greenspun.
SQL For Web Nerds, 2006. Available free online at

C. Henderson.
Building Scalable Web Sites: Building, Scaling, and Optimizing the Next Generation of Web Applications, O'Reilly, 2006.

E. Jendrock, J. Ball, D. Carson, I. Evans, S. Fordin, and K. Haase.
The Java EE 5 Tutorial, 3rd edition, Addison-Wesley, 2006. Available free online at

D.C. Johnson, A. White, and A. Charland.
Enterprise AJAX: Strategies for Building High Performance Web Applications, Prentice Hall, 2007.

Murugesan and Deshpande, eds.,
Web Engineering: Managing Diversity and Complexity of Web Application Development, Springer, 2001.

L. Richardson and S. Ruby.
RESTful Web Services, O'Reilly, 2007.

D. Thomas, D. Hansson, L. Breedt, M. Clark, J.D. Davidson, J. Gehtland, and A. Schwarz.
Agile Web Development with Rails, 3rd edition, Pragmatic Programmers, 2008.

M. Weiss,
Patterns for web applications. In Patterns Languages of Programming (PLoP), 2003. Available online at


None. [Online resources such as experts' blogs are more important.]


Project and lab work - 60%
Midterm Exam - 20%
Final Exam - 20%
Any resources including Internet access are allowed during the exams.