Overview

Framework: RQF
Level: Level 3
Unit No: J/618/5620
Credits: 6
Guided learning hours: 42 hours

Aim

Learners will investigate the technologies and techniques used to produce secure web applications for controlling physical devices over the internet. They will explore the principles of web server scripting and design, develop and test a web application to remotely control a physical device.

Unit Learning Outcomes

1

Understand web technology and how it is used to control physical devices over the internet.

Web controlled devices: building management systems – lights, curtains and environment control systems such as heating and cooling; visual devices – camera, telescope; domestic appliances – television, washing machine and baths; industrial – process monitoring, control and fault diagnosis; other – wearable technology and surgical robots; remote devices in inaccessible or dangerous locations – spacecraft, subsea, planetary landers, bomb disposal (ROVs).

Web scripting languages: PHP, ASP, Ruby on Rails, Java, ColdFusion; issues surrounding the use of scripting languages with regard to server requirements, scalability, documented support, cost, ease of use, security.

Tools and techniques: World Wide Web Consortium (W3C) standards, HyperText Markup Language (HTML), HTML5, tables, forms, text field, text area, buttons, radio buttons, check boxes, navigation, menus, hyperlinks (internal and external), anchors; interactive components – hotspots, pop-ups, buttons, menus, rollover images; Cascading Style Sheets (CSS), e.g. background colour, background images, text formatting, borders, padding, heading styles, element position.

Principles of web server scripting: usability, site layout, accessibility, spacing, navigation, client- and server-side scripting, content; database solutions – MySQLi, Oracle; hosting – shared server solutions, virtual private server (VPS), dedicated server.

Application structure and how server scripting is applied to web applications: multi-user/rank login systems, file uploading, storing data in databases – user registration details, login credentials, environment settings, error logs.

Limitations of server scripting: inability to access client-side file system, inability to read local client environment information.

Client-side scripting languages: embedding client-side scripts into web pages can allow for more interactivity and improve usability.

Client-side scripting: types of scripting languages – JavaScript, VBScript; uses of scripting languages – alerts, confirming choices, browser detection, creating rollovers, checking and validating input, handling forms; constructs – syntax, loops, decision-making functions, parameter passing, handling events, methods.

Server-side scripting: programming constructs used in server scripting and web application development, including: logic and operators – AND, OR and NOT; variables – global, local, integer, float, string, server, sessions and cookies; functions (including passing data between); variable and function naming conventions; string manipulation – concatenation, string searching; arrays, including two-dimensional; conditional statements – if/else, switch; loops – for, while, do/while; server side – libraries, menu files, header/footer files; programming efficiency – input validation, minimising potential for user error, bypassing unnecessary subroutines; mathematical manipulation of numerical data – random number generation, modulus; sending data using POST and GET methods.

Assessment Criteria

  • 1.1

    Explain the purpose and use of web controlled devices.

  • 1.2

    Explain the different scripting languages, tools and techniques used when developing web controlled devices.

  • 1.3

    Explain how web server scripting principles are applied in web controlled devices.


2

Understand security measures used to protect web applications from malicious attacks.

Web security threats: malware; spoofing – a user masquerading as another; eavesdropping – monitoring data to uncover passwords; spamming – denial of service (DoS) attack; out of band – targeting low level system functions to gain control.

Vulnerabilities: human error (user error), accidental deletion of software or data, leaving weaknesses – escalation of privileges, poor authentication and use of encryption, data not validated, malfunction in hardware or software leading to vulnerabilities.

Security measures: data sanitisation before querying databases; predictable folder structures and their vulnerability; the use of abstraction layers when manipulating databases; encryption methods – symmetric cryptography systems, asymmetric cryptography systems (public-key cryptography); Structured Query Language (SQL) injection prevention; impact of security protection measures on web application performance.

Assessment Criteria

  • 2.1

    Understand security measures used to protect web applications from malicious attacks.

  • 2.2

    Explain security measures used to protect web applications.


3

Be able to design, develop, test and document a web application to remotely control a physical device to meet requirements.

Design documentation: problem definition statement – intended user, full summary of the problem to be solved, constraints, benefits, nature of interactivity, complexity of site, research of similar web application products, initial design ideas/prototypes, diagrams, illustrations, wireframe, site maps, realistic representations, alternative design ideas/prototypes, including compatibility with mobile/tablet devices, original scripting design tools and techniques – pseudo code, flow charts, test plan with test data, to test functionality, technical and design constraints (browser or device compatibility).

Assessment Criteria

  • 3.1

    Produce planning and design documentation for a web application to remotely control a physical device.

  • 3.2

    Develop and test the web application to remotely control a physical device.

  • 3.3

    Create technical documentation for the support and maintenance of the web application.