 Okay, so let's have a look at all the stuff we have covered. This is the original schedule. So we started with the introduction at the network basics. And as I discussed back then, a lot of the things we covered on HTTP, you probably understood much, much better after the rest lectures and especially after doing assignment three. So it might not be a bad idea to revisit that lecture and look at it with that fresh set of eyes. Now then we went into the front end part, HTML, CSS and JavaScript and you did assignment two on that, primarily assignment one on HTML and CSS. So they have some idea. Then we dove right into backend. So we did the theoretical lectures on rest and then the more practical stuff on Node.js and Express. And we ended with testing and debugging. So we started with client side testing and debugging and then now 20 and 21 we covered server side. In addition to all of this with its security, so we did lecture 18 authentication authorization at that lecture 19 on web security vulnerabilities and threats. So we have covered all of this. We are in schedule and we still have one buffer lecture where we can do either repetition or something else or just skip the entire lecture. Now lecture 14 was an introduction to server side JavaScript. We started with a bunch of advanced JavaScript concepts. So we went into the disk keyword into arrow functions and then went down into immediately invoked function expressions. So this is what we needed to get to the module pattern. So how to do modules that we can actually hide things. And I did this mainly because it's very common in, for example, Node.js to use modules, not necessarily because you have to write IFEs yourself. And similarly, the disk keyword and arrow function is something that you see very often in existing libraries. So I thought it was important to introduce this. IFEs and the module pattern are more on a theoretical level. So this is something that you might recognize again in other programming languages, even if it's not exactly the same, but it's for example, very common to do encapsulation for instance. Then the second part of this lecture was about Node. So how to execute programs in Node, importing, exporting Node modules, and then a little bit on the Node package manager, how to create new projects, install modules, install dependencies and run things. And finally, we did a very basic HTTP server that just answered to each request the same thing. And in the live lecture, I explained a bit around express.js, how to do this in a more structured way and a nicer way. That lecture 15 and 16 was on rest, and this is really purely a theoretical concept. It's something that you can definitely reuse even if the programming languages change because this has remained the same since the 90s. So it's a proven concept that is one of the reasons why the internet really works as it does. So this is, initially I did the layered architecture style, which is underlying rest, so how to separate a programmer system into multiple layers, like the front end, the back end and the database layer. And then I went into rest itself. So rest has these six constraints, client servers, datelessness, cacheability, layered system, uniform interface and codon demand, which is optional. And then the important stuff for us is mainly hidden in the uniform interface because a lot of the other things like client server and cacheability you get by using HTTP. So uniform interface is interesting when we design APIs, how to name things, how to structure the URLs and so on. I also introduced a number of guidelines for restful APIs. They are technically not part of the rest style, but they are often recommended when you write your own API as you did in assignment three. So that's, for example, the recommendation to use the HTTP method works for the create read write operations. That in lecture 17, we implemented restful APIs. So we looked into this to do application in Node.js and Express.js. So we just looked at a full example where we started off without any persistence. So we just saved our users our node in the memory. And then we also looked at how to do this if we would use a database and how to deploy this to the cloud, in the case of Heroku. But a lot of it in the beginning was about naming the different endpoints. And in the live lecture, I did the same but with chess applications. So something that is a bit different than this kind of regular reading and writing of different resources. In lecture 18, we went down into security. So we started off discussing attack surfaces. What kind of things can you attack? And then we had, for example, the network view, the application view. And we saw that there is, there are a lot of options for intruding somewhere. So it's quite important to make your application work well but even if someone reads requests, for example, essential information is not revealed. And as a part of that, we looked then into authentication authorization. And we did an example of HTTP basic auth and on hammock request signing. These things are all, we did some practical things, some practical side of it, but there is a lot of theoretical background behind that. So this is knowledge you can reuse even if the technology changes. In lecture 19, we went into security vulnerability. So all the issues that an application can have that you can attack them. We looked at the OWASP top 10, which is one of the common lists that lists sort of the most important, the most common threats, the vulnerabilities on the internet. And we looked at the ones that are underlined here. So the eight out of 10. Additionally, we took a very short look at cross-site request forgery. And then in the live lecture, I did hacking of juice shops. So I just showed you the different things you can do. These things are very important and they're also technology independent. So all of these attacks have been around for a very long time. And some of them might not be possible if you use certain technology, but it's generally important to know about them. And they only change slowly. So it's not very common that a new one comes up that hasn't been around for a long time. Lecture 20, we started with testing and debugging. So I showed you the linter static analysis of JavaScript code that you can use to enforce code styles, but also to flag potential errors. We looked at a debugger, how to debug node applications. Before that, we only used the browser for debugging. And of course, on the server side, we cannot do that. So we looked into that. And then we went down into unit testing of node applications, what kind of things to test for, what kind of things to assert, what kind of cases to look at, and then into actual unit testing. So replacing functions, other external dependencies with fake code with things that do exactly what we tell it to do. And this we concluded then in lecture 21. So we went from unit testing to endpoint testing, so testing our HTTP request responses. And this was really quite a practical thing because we primarily looked at the CHI HTTP module, different examples how to do this, and that in the live lecture, we did quite some practical tests on our to-do application for this. There were some general things, we discussed a bit, okay, what does it mean that a response is correct? What kind of things do we want to check for and so on? And finally, we looked into the distinction between white and black box testing so that in white box testing, you have to check the state of your application in black box testing. You just look at the input and output, you don't care what's going on inside. So, and those things are again, very general, very principle things. The technology side, the practical side of the lecture is something that of course changes over time. So, different technology, different language, you will use different libraries. So, that's what we covered in the lecture. There is only one reference that is exam relevant and that's in lecture 15, 16, the rest book. So, I would recommend you to read that. It will also, if you haven't done that yet, it will probably quite a bit improve your understanding of rest. I would also recommend you to go to the OWASP top 10 list that we showed in lecture 19. So, it was this PDF of all the different vulnerabilities because that's maybe the most condensed way of explaining what those things do. So, that's a recommendation. It's not mandatory to read that. That's completely up to you. Okay, the next lecture, 23, is mainly the final one. We look a bit at the exam. What is relevant for the exam? How to study for it? Some example questions, but that's it then. So, then there's only lecture 24 left, which is a buffer lecture. If you have any input on that, write on Piazza. But that's it for now. Thanks for listening.