Category Archives: cs-wsu

Building Secure Web Applications

Title: Building Secure Web Applications

Blog Entry:

This week, I developed the issue of web application security- a growing serious field in the software development. With the growing interconnectedness of applications and the increasingly data-driven nature of the application development process, the importance of user information and system integrity is equal to the one of the functionality or performance. The subject is related to the course goals related to the design of systems, software quality, and secure coding practices.

During my research, I paid attention to the general weaknesses that programmers have to deal with, including cross-site scripting (XSS), SQL, and insecure authentication systems. Such weaknesses are usually brought about by a failure to look into security requirements at the initial design phase. As an illustration, the inability to check input correctly may enable attackers to inject bad codes or access classified information. Security by design is based on the idea that protection must be implemented at each stage of development instead of viewing security as an a posteriori.

I also reviewed the industry best practice of enhancing application security. The common attacks are prevented with the help of techniques like the parameterized queries, the enforcement of the HTTPS protocol and encryption of the sensitive data and the use of the secure authentication frameworks. Periodical code inspection, automated testing, and standard compliance, such as the Top Ten guide by the OWASP, make code developers responsible to the creation of more robust systems. I was also informed that a healthy security culture in a development team, wherein the whole team takes the responsibility of securing the data of its users, is as valuable as any technical measures.

This subject matter was echoed in our discussions in the classroom on software reliability and maintainability. Secure code is just like clean code in that the code will be used over a long period. I was intrigued by the fact that the same principles of design made it more secure such as the principles of clarity, simplicity, and modularity. A well-organized system, which is simple to audit, has fewer chances of concealing undetectable weaknesses.

Reflection:

This study has made me understand that the need to develop applications that are secure is not just a technical one, but also a moral obligation. The developers should be able to consider the risks and the safety of users in advance. Security should not be at the expense of usability but rather it should complement usability to produce software that the user can trust. This attitude has motivated me to follow safe coding practices early in my work which includes validating inputs, data handling and sound frameworks.

In general, this discovery broadened my perspective on contemporary software design to include aspects of performance and functionality. Security is a key component of quality software engineering like never before. With these principles combined, I am more confident that I will be able to create applications that are efficient and scalable, besides being user-safe in the ever-digitized world.

Next Steps:

Next time, I will test some security orientated tools in the form of penetration testing systems and auto vulnerability scanners. I will also consider reading more on OWASP guidelines as a way of enhancing my knowledge on emerging threats and mitigation controls.

From the blog CS@Worcester – Site Title by Yousef Hassan and used with permission of the author. All other rights reserved by the author.

Effective API Design

I have been reading one of the articles by Martin Fowler titled APIs: Principles and Best Practices to Design Robust Interfaces. It discusses how API, or small bridges that are known as Application Programming Interfaces, enable various software systems to communicate and keep up with one another. Fowler emphasizes such points as the clarity of words, offering simplicity, being consistent, and not having to break old versions, and supports it with real code demos and real-life scenarios. It is a combination of theory and practical tips, so every person, who is interested in software design, can dive in.

I picked the read as the API design is one of the foundations of software engineering and intersects my course on Software Development and Integration. I prefer scalable apps that keep their heads clean and easy to be connected to by other developers. Exploring the work of Fowler was my form of education on how to create interfaces with sound principles of how to get folks to jump on and expand therein with no hassle. Most of the stuff that remains all theory-heavy is not so in this article but instead it presents actual, practical tactics, just what one needs at school and in the job.

The importance of versioning and maintaining backward compatibility was one of the largest things that I took away in the article. Fowler gives a reminder that APIs must evolve, but not exist to ruin other clients, which will require you to plan, test, and discuss with your users. That resonated with me as in group projects I had done before, a minor change to our module could bring down the line. Upon reflection, the well-planned API design rules seem to be the instinctive means of preventing such headaches and wasting less time.

I also liked the fact that Fowler emphasized intuitive naming and consistency. According to him, the more predictable the method names, parameters and endpoints are, the friendlier an API is. It actually saves a fair deal of time to establish a proper structure and hierarchy and results in a significant reduction of mix-ups, accelerates integration, and makes the entire process of dev enjoyable. I have remembered that a considerate design ensures not only the end user as well as the people who actually create with the API, but the ecosystem becomes efficient and simpler to maintain.

In the future, I will apply these tricks to my class projects and whatever work I happen to do in the profession. Whenever I create an API to support the web application or integrate more third-party services, I will focus on clean documentation, predictability, and retaining older versions. Following these rules, I will deliver interfaces that are great, that are easy to maintain, that will assist other developers and that will survive update. This paper has made me even more respectful of the discipline of API design, and I am willing to put these tangible strategies to immediate use.

From the blog CS@Worcester – Site Title by Yousef Hassan and used with permission of the author. All other rights reserved by the author.

Word wide outage

https://www.cnn.com/2025/10/25/tech/aws-outage-cause

The cloud AWS provider experienced a massive outage on oct 20, 2025 that shut down or impacted many of the most popular services and products on the internet like Roblox, and snapchat. The outage was so large many systems and product became unusable. This issue stemmed from a DNS issue where multiple automated systems were trying to update the same DNS entry which then threw a empty field. This empty field then was carried down to other services like EC2 which then caused those to fail and further down into other workflows and other systems that relied on services like EC2. Those failures carried down to Network balancers which essentially snowballed into a enormous mess that wrecked many apps and services. I personally clocked into work with our error handling system and alerts absolutely flooded will alarms and alerts. This became so bad my boss told me to just ignore the errors for the day (One of my sprint tasks is to keep alerts down). I chose this article due to its relevance to testing software and the probable use of git to find out when and where the error occurred. As the use of git bisect could be used to troubleshoot where the issue was introduced into the workflow to find out where the DNS field was assigned to two systems that could trigger at the same time. Furthermore AWS in their statement to the public states that “We know this event impacted many customers in significant ways, We will do everything we can to learn from this event and use it to improve our availability even further” This statement aligns with the values of scrum since it prioritizes openness and respect which AWS gives to its customers by openly documenting the issue that occurred while at the same time stressing the communication with the customers to reassure them in their recovery from the failure. They also follow the AGILE manifesto as they are responding to change over developing a plan since their customers need their services back now, prioritizing getting their services back online rather than documenting and collaborating with customers to have their systems restored. Delivering that they are only releasing their documentation once the system was fully restored under 15 hours showing that they needed to deliver on working software. In a way they could also be benefiting from focusing on individuals and interactions over tools since this error occurred at multiple levels but started at the same point so one tool or process couldn’t immediately understand the root cause.

From the blog CS@Worcester – Aidan's Cybersection by Aidan Novia and used with permission of the author. All other rights reserved by the author.

Keep the Code Simple.

In software development, simplicity is further required in coding. It is the foundation of how software genuinely works. Every line of code we write in system, from short programs to large systems, teaches us one major lesson: keeping code simple leads to stronger, cleaner, and further reliable software. When code is simple, it becomes easier to understand how each part of a program interacts, how data flows through the system, and how changes can be made without breaking additional components.

Throughout our computer science class, we learn that writing code is not just about making something run, it’s about designing how it runs. Concepts like encapsulation, abstraction, and modularity form the heart of this process. Encapsulation keeps data protected and managed within defined boundaries. Abstraction allows us to hide unnecessary details so that only the important parts are visible to the developer. Modularity divides complex programs into smaller, independent sections that can be developed, tested, and improved separately. These principles not only make programs easier to understand but also reflect how big software plans are built in real-world projects.

Simplicity also plays pivotal role in collaboration. When multiple developers work on the same clear and consistent code, it allows everyone to read, modify, and contribute without confusion. In our group projects, clear code helps everyone understand and contribute easily. Even when we continue working from home, the project feels simple and organized, not stressful. This clarity saves time, reduces errors, and keeps teamwork smooth.

Another reason simplicity matters are maintenance. As we study different programming software models, we see that maintaining complex code can become easy to modify and frustrating. Clean, readable code allows group members to trace logic quickly and identify issues before they cause system failures. This is why experienced programmers often say, “Code is read more often than it is written.” The goal is not to write the most advanced or impressive code, but to write the most understandable and dependable one.

Keeping code simple also encourages better thinking. It forces us to focus on problem-solving rather than decoration. By keeping things simple, we learn to study the requirements carefully, organize the program’s structure wisely, and create efficient code that works effectively without unnecessary lines. Simplicity shows real understanding of how software functions at its core.

As I continue learning software design, I realize that simplicity is not the opposite of intelligence, it is the best outcome of experience and clarity. The coders don’t make code complex; they make it clear. True creativity in programming lies not in how much we write, but in how well it makes as simple—and that always begins with keeping the code simple.

From the blog CS@Worcester – Pre-Learner —> A Blog Introduction by Aksh Patel and used with permission of the author. All other rights reserved by the author.

Blog Post for Quarter 2

October 21st, 2025

Recently, my class has been going over stuff regarding teamwork and ways to approach building a software or product. For example, the waterfall method, agile methodology, and scrum have come up in discussion. This has reminded me of POGIL since POGIL was a group used in the classroom semi-frequently.

Because of this correlation, I decide to look at blogs about POGIL. However, I noticed something interesting about the blog I chose. So I chose two just because I found some things interesting. The first was made with WordPress.com, much like the one I’m making here. It was about POGIL. The blog appeared to just be called “The POGIL Project.” Or, that’s what I have surmised after looking at the web address. Additionally, there was some interesting notes regarding how it appears to be designed for faculty teaching or implementing POGIL based team activities. However, the last post appears to be in 2015, which is not as recent as I’d like. (However, there appears to be someone who has the same name as the author of this blog who is cited to be impactful to the development of POGIL. Which is pretty cool, though I couldn’t concretely find evidence that they were the same person.)

So, I looked for an alternative. The author was not listed which isn’t great but it is recent. It appears to also be about POGIL. But the most interesting part was how it was applied to science as opposed to actual computer science. Actually, both blogs do that as well.

This new blog I picked was basically an overview of how POGIL works and why it is good to use. It overviewed the reasons why POGIL is used and what it is intended to do. It basically overlaps with what I know about POGIL already.

In a way, this is interesting in how this mean POGIL is both universal and useful. It isn’t just a weird Computer Science class thing we do, it’s an actual science thing. Which is definitely more interesting to know about considering I rarely encountered POGIL before college. It probably won’t really affect my opinion on POGIL but it is mildly interesting how it is something that I’ll see around. I guess I can keep that in mind.

FIRST INITIAL BLOG: https://thepogilproject.wordpress.com/

SECOND, REVIEWED BLOG POST: https://www.transtutor.blog/pogil-guide-high-school-biology

From the blog CS@Worcester – Ryan's Blog Maybe. by Ryan N and used with permission of the author. All other rights reserved by the author.

Blog Post for Quarter 1

October 5th, 2025

Recently, I’ve been working on using Git. This came in the form of using a little bit of GitHub, a little bit of GitLab, and the textbook made to help instruct me on how to use them. I began to learn the basics of repositories, and how to make edits and pull requests.

For example, I am now able to create a fork from a repository, create a remote origin, a clone of that onto my local device, make edits using Visual Studio Code, stage those edits, commit those edits, push those edits back to my remote origin, then establish a pull request. And a little bit more. So far, this Quarter of my class has been pretty interesting. I will note how the public changes and such are very interesting to me. I don’t usually like being in public places often because I assume I should be competent before doing anything in public, but oh well.

For the blog post I selected, I wanted to know just a smidge more about Git, since I was learning about it. (This will be linked below at the bottom of this post.) It mostly discusses the future plans for Git and potential for AI.

Honestly, there isn’t much for me to really do from this. I just note how AI appears to be Git stuff I currently use, so that’s mildly interesting. Though, I found it interesting that Git, much like I, is currently developing. It’s fun to think about how I learn and improve as a person that other things in the world are doing the same. While they are wildly different contexts, I find it cool. Everything is always changing and such. Even as I learn, I make notes that aren’t in the textbook to myself. Git will probably always get things added by various different people as well.

It encourages and intimidates me in some way. It’s very cool that by the time I “get caught up” it’ll be better than what I’m currently using, but at the same time, what if everything I learned becomes redundant? Though, for me, I was always a person to enjoy experiences, and I never really liked the idea of a limit. If anything, it is just more “fun” for me. There’s more to learn and I’ll never be caught up. My experiences will lead to my growth, so when the time comes, I’ll be much more suited to using the new tools that arrive.

https://github.blog/open-source/whats-next-for-git-20-years-in-the-community-is-still-pushing-forward/

From the blog CS@Worcester – Ryan's Blog Maybe. by Ryan N and used with permission of the author. All other rights reserved by the author.

Unlocking Encapsulation: Why Data Hiding Matters

I came across an article on Titled “Encapsulation in Object Oriented Programming”. It Explores in detail about the core principles of object-oriented Programming (OOP): encapsulations. Although I had already heard about this concept in computer science class, that time just covered the minor details and definition without really understanding why it is so important in practice. Reading this article helped me see encapsulation in a new way, especially through real-world examples and comparisons that made the idea much easier to grasp.

               Encapsulation is explained as hiding the internal details of a class and only allowing controlled access through methods. This is usually done by keeping variables private and providing getters and setters for interaction. According to the article, errors can easily occur when other program pieces change an object’s state directly in the absence of encapsulation. However, with encapsulation, updates are subject to predetermined guidelines, maintaining the system’s unity and security.

               One of the examples that stood out to me compared encapsulation to locking a house. If all the doors and windows are left open, anyone can come in and move things around. In programming terms, that would be like exposing all fields of a class as public. By contrast, encapsulation is like keeping the house locked and only providing a few keys for safe entry. In the same way that you wouldn’t give full write access to everyone on a GitHub repository, you don’t want every part of a program to freely change the internal state of your objects. Instead, you provide limited access—like adding collaborators with specific permissions or using pull requests for controlled changes. This analogy helped me understand why developers stress the importance of data hiding: it keeps things organized, prevents misuse, and ensures that changes happen in a safe, predictable way.

               The article provided an actual scenario using a bank account class. Any piece of code might set a balanced variable to a negative value if it is public, which would go against the program’s logic. However, the application may set restrictions like “balance cannot go below zero” if the balance is private and is only accessible via the deposit() or withdraw() methods. This demonstrated to me how encapsulation guarantees that critical rules are always observed while also hiding information.

               What I learned from the article is that encapsulation goes beyond coding style—it’s about safeguarding data and ensuring programs behave correctly. A helpful way to picture it is how GitHub handles collaboration. Instead of letting everyone edit the main project directly, contributors usually fork the repository, make changes in their own copy, and then open a pull request for review. This process keeps the main branch stable while still allowing improvements, like what we practiced in our CS343 and CS348 classes at WSU.

               Overall, the article provides the details we need to practice and build stronger knowledge in the basics of the field.

References:

“Encapsulation in Object Oriented Programming” by AKshay Raut (Medium)
↪ https://akshayraut.medium.com/encapsulation-in-object-oriented-programming-4cfb0ee28f12

FreeCodeCamp. (n.d.). The Four Pillars of Object-Oriented Programming. https://www.freecodecamp.org/news/four-pillars-of-object-oriented-programming/

From the blog CS@Worcester – Pre-Learner —> A Blog Introduction by Aksh Patel and used with permission of the author. All other rights reserved by the author.

Introduction Blog

Hello, My name is Aksh Patel, and this is my introduction blog. I am a senior year Worcester State University student. My major is Computer Science and i am more interested Design Technique.

I will take CS-343 class to learn about more in my interesting stuff.

From the blog CS@Worcester – Pre-Learner —> A Blog Introduction by Aksh Patel and used with permission of the author. All other rights reserved by the author.

Introduction to CS-348 Blog!

To all of the CS-348 students, welcome to my CS-348 blog!

This is where I will write about some new techniques that you may or may not be familiar with in computer science, particularly software management. From here, we can all learn together and share our knowledge, which can improve our programming skills throughout the semester.

A little bit about myself, my name is Nguyen Vuong. I’m a senior Computer Science major at Worcester State University. As a senior, I’m happy to share my knowledge and skills in the hope that it could help you get through the years more easily.

I also make mistakes a lot, and love to learn new things. So, feel free to share what you have, and we will all study it together! Let’s all look forward to a great year!

Nguyen Vuong

From the blog CS@Worcester – Nguyen Technique by Nguyen Vuong and used with permission of the author. All other rights reserved by the author.

Introduction to CS-343 blog

To all of the CS-343 students, welcome to my CS-343 blog!

This is where I will write about some new techniques that you may or may not be familiar with in computer science, particularly software construction and architecture. From here, we can all learn together and share our knowledge, which can improve our programming skills throughout the semester.

A little bit about myself, my name is Nguyen Vuong. I’m a senior Computer Science major at Worcester State University. As a senior, I’m happy to share my knowledge and skills in the hope that it could help you get through the years more easily.

I also make mistakes a lot, and love to learn new things. So, feel free to share what you have, and we will all study it together! Let’s all look forward to a great year!

Nguyen Vuong

From the blog CS@Worcester – Nguyen Technique by Nguyen Vuong and used with permission of the author. All other rights reserved by the author.