← Back to Blake's Learning Hub

Lesson 12: Programming for the Web

Module Preview — What's Coming Up
📅 March 2026 ⏱ ~45 min 📖 Preview Lesson 🌐 Year 12 Module 2
🏆

Secure Software Architecture — Complete!

Lessons 7–11 covered the full module: CIA Triad, cryptography, client-side vulnerabilities, hardcoded secrets, social engineering, and security testing. That's a whole Year 12 module done.

What you've covered so far

✅ CIA Triad + AAA Model  |  ✅ Cryptography (AES, RSA, hashing, salting)

✅ SQL injection, XSS, CSRF  |  ✅ Hardcoded secrets + .env pattern

✅ Security through obscurity  |  ✅ Insecure dependencies + supply chain

✅ Social engineering  |  ✅ SAST, DAST, penetration testing

🌐 Next Up: Programming for the Web ~10 min

The next module is Programming for the Web — the one that's probably most relevant to your day-to-day life as a developer. You've already built Volcanic Pantheon, you've hosted it on Vercel, you've set up authentication. You've been doing web programming. This module is about understanding what's actually happening underneath.

When you push code to Vercel and someone in another country visits your site — what is happening? What travels over the network, what does the browser do with it, and how does a server decide what to send back? You'll leave this module with clear answers to all of that.

HSC outcome covered: SE-12-05 — designs and implements solutions for the web, including using networking protocols, client-server architecture, and data exchange formats.

🗺 What We'll Cover ~15 min

Six topics. Each gets its own lesson. Here's the map.

Topic 1

How the Internet Works

DNS, IP addresses, TCP/IP — what actually happens from the moment you type a URL to the moment a page loads. Every request your browser makes follows the same chain of steps.

When someone visits volcanoic-pantheon.vercel.app, this is exactly what fires.
Topic 2

HTTP & HTTPS

The language of the web. HTTP defines how browsers ask for things and how servers respond — including methods (GET, POST, DELETE), status codes (200, 404, 500), and headers. HTTPS adds encryption on top.

Every fetch() call you've written sends an HTTP request. You'll finally see what that looks like raw.
Topic 3

Client-Server Architecture

The split between what runs in the browser (client) and what runs on a server. Static sites, dynamic sites, serverless functions, edge computing — what they are and when you'd choose each.

Volcanic Pantheon is a static site. Vercel Edge Middleware makes part of it server-side. We'll unpack exactly what that means.
Topic 4

APIs and JSON

How services communicate with each other over HTTP. REST API conventions, JSON as the data format, authentication with API keys and tokens. This is how modern apps are glued together.

You've already used API keys (and seen what happens when they leak). Now we go deeper into how APIs actually work.
Topic 5

Databases on the Web

How data gets stored and retrieved — relational databases (SQL), document stores, and how a web server talks to a database to build a response. Includes the full request → server → database → response flow.

This is where the SQL injection knowledge from earlier connects back — you'll see the exact point of attack in the architecture.
Topic 6

Building for the Web

Putting it all together — building a simple web app that handles requests, talks to a data source, and returns a response. Form handling, validation, and what a basic backend looks like in practice.

By the end of this we'll have something that actually runs on a server — not just a static page.

💬 What Do You Already Know? ~10 min

Before we dive into anything, let's see what you already have in your head. Think through these — no pressure to get them right, this is just calibration.

Q1 — When you type a URL into your browser and press Enter, what happens before any HTML arrives?
See what we're looking for

The browser needs to figure out the IP address behind the domain name. That lookup is called DNS resolution — your device asks a DNS server "what IP address does volcanoic-pantheon.vercel.app point to?" and gets back something like 76.76.21.21. Only then can it open a connection and actually ask for the page.

Q2 — What's the difference between GET and POST in a web request?
See what we're looking for

GET requests ask for data — "give me this page, this image, this file." They don't change anything on the server and the parameters go in the URL. POST requests send data — "here's a form submission, here's a login, here's a new record." The data goes in the request body, not the URL. This is why login forms use POST — you don't want the password appearing in the URL bar.

Q3 — You've seen status code 404 before. What does the "4" at the start tell you? What about codes starting with "5"?
See what we're looking for

HTTP status codes are grouped by their first digit: 2xx = success, 3xx = redirect, 4xx = client error (you asked for something wrong or missing), 5xx = server error (the server broke trying to respond). So 404 = "you asked for something that doesn't exist" and 500 = "the server crashed handling your request."

However many of those you knew, that's exactly the right starting point. The module will make all of it concrete with real examples and things you can observe in your own browser.

👀 Things to Notice This Week ~5 min

Before the next lesson, open your browser's DevTools → Network tab (F12 → Network) and reload any page — your own site, YouTube, anything. You'll see every single HTTP request the page makes.

Don't try to understand everything. Just notice:

  • How many requests does loading one page actually trigger?
  • What status codes do you see? Any 3xx redirects?
  • Click on one request and look at the "Headers" tab — can you spot the method and the URL?

We'll break down what you saw at the start of the next lesson.

← Back to Learning Hub