Copyright 2017 - CSIM - Asian Institute of Technology

Web Application Engineering

Course code: AT70.12
Credits: 3(2–3)
This course is required

Course objectives

The World Wide Web has already revolutionized the way we work, learn, and publish. The Web not only dramatically increases the size of the potential audience for our content, but also makes it possible to bring physically disparate people together into more tightly-knit communities than hitherto possible. In this highly distributed and collaborative environment, Web application developers face the triple challenge of 1) system complexity, 2) massive concurrency, and 3) a fickle user base always ready to abandon one site for the next. In this course, students will learn to cope with these challenges by using appropriate technology and a user-centered approach to the design and construction of large-scale Web applications.
AT70.12 is a project-oriented course in which student teams will be paired with client organizations needing online community collaborative learning and information sharing systems. Using a Web server, programming language, and relational database of their own choice, students will take the system from an initial concept through the stages of requirements specification, design, implementation, and usability testing. Along the way, focused laboratory sessions will give students experience with specific technologies and techniques useful across many applications, and lectures will introduce students to the most recent developments in enterprise application frameworks, middleware, and thick clients. Students successfully completing Web Application Engineering will be competent database-backed Web application developers capable of designing, deploying, and maintaining large-scale services like

Learning outcome

Web technology background. Software architecture for Web applications. Data modeling. Version control. Web application security. Ajax. Web services. Scaling Web applications.


Programming experience.

Course outline

I. Web technology background
II. Software architecture for Web applications
    1. Layering
    2. Model-View-Controller pattern
    3. Modern MVC frameworks
III. Data modeling
    1. SQL
    2. Database normalization
    3. Object-relational mapping
IV. Version control
V. Web application security
    1. Attack methods
    2. Client authentication best practices
    3. Cross-site scripting (XSS) and SQL injection attacks
    4. Framework support for security
VI. Ajax
    1. Client-side scripting
    2. Browser support for asynchronous behavior
    3. Ajax toolkits and frameworks
    4. Ajax components
    5. Comet and reverse Ajax
VII. Web services
    1. Representational state transfer (REST)
    2. Resource-oriented analysis and design
    3. Remote procedure call (RPC) services
VIII. Scaling Web applications
    1. Bottleneck analysis
    2. Scaling strategies

Laboratory sessions

Installing Linux, Apache, and PostgreSQL; Ruby on Rails; JSP; Eclipse IDE; User authentication; Flex; Ajax; REST; Load balancing.

Learning resources


E. Anderson, P. Greenspun, and A. Grumet. Software Engineering for Internet Applications, MIT Press, 2006. Available free online at


None. [Online resources such as experts' blogs are more important.]

Reference books

M. Andrews and J.A. Whitaker. How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, Addison-Wesley, 2006.
H. Bergsten. JavaServer Pages, 3rd edition, O'Reilly, 2003.
B. Collins-Sussman, B. Fitzpatrick, and C.M. Pilato. Version Control with Subversion, 2007. Available free online at
D. Crane and P. McCarthy. Comet and Reverse Ajax: The Next-Generation Ajax 2.0, Apress, 2008.
C. Fowler. Rails Recipes, Pragmatic Programmers, 2006.
M. Fowler. Patterns of Enterprise Application Architecture, Addison-Wesley, 2003.
K. Fu, E. Sit, K. Smith, and N. Feamster. Dos and don'ts of client authentication on the Web. In Proceedings of the 10th USENIX Security Symposium, 2001.
J. Gehtland, B. Galbraith, and D. Almaer. Pragmatic Ajax: A Web 2.0 Primer, Pragmatic Bookshelf, 2006.
P. Greenspun. SQL For Web Nerds, 2006. Available free online at
C. Henderson. Building Scalable Web Sites: Building, Scaling, and Optimizing the Next Generation of Web Applications, O'Reilly, 2006.
E. Jendrock, J. Ball, D. Carson, I. Evans, S. Fordin, and K. Haase. The Java EE 5 Tutorial, 3rd edition, Addison-Wesley, 2006. Available free online at
D.C. Johnson, A. White, and A. Charland. Enterprise AJAX: Strategies for Building High Performance Web Applications, Prentice Hall, 2007.
Murugesan and Deshpande, eds. Web Engineering: Managing Diversity and Complexity of Web Application Development, Springer, 2001.
L. Richardson and S. Ruby. RESTful Web Services, O'Reilly, 2007.
D. Thomas, D. Hansson, L. Breedt, M. Clark, J.D. Davidson, J. Gehtland, and A. Schwarz. Agile Web Development with Rails, 3rd edition, Pragmatic Programmers, 2008.
M. Weiss. Patterns for web applications. In Patterns Languages of Programming (PLoP), 2003. Available online at


Project and lab work - 60%
Midterm Exam - 20%
Final Exam - 20%
Any resources including Internet access are allowed during the exams.

School of Engineering and technologies     Asian Institute of Technology