Protect your business-critial Angular applications!
- Duration: 2 Days
- Remote: 27.02.2023
- Group discount available
- Individually scheduled
- In-house or remote
- Discount for groups >8 participants
Proven Interactive Workshop with Labs and Discussions
Angular applications disrupt the traditional web security landscape, and finding reliable security advice is hard. This workshop provides Angular developers with the answers to all their security questions.
With a mix of lectures, demos, quizzes, and hands-on labs, participants discover best practices for building secure Angular applications. We investigate how to use and configure security mechanisms available in modern browsers. We explore how Angular handles security out-of-the-box, along with common mistakes that circumvent these protections. Additionally, we discuss scenarios that address common questions, including secure data storage in the browser and the use of OAuth 2.0 and OpenID Connect.
This workshop offers practical and immediately applicable security advice for Angular developers. Throughout the workshop, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.
Selected Topics (full list below)
✅ Common security mistakes in CSP policies
✅ Advanced HTML5 sandboxing techniques
✅ Configuring browser security headers
✅ Security recommendations for using OAuth 2.0 in Angular
✅ Advanced OAuth 2.0 and OpenID Connect Security
Selected Feedback from Previous Participants
💬 In-depth knowledge presented and interesting conversations. All questions were answered.
💬 The clear presentation of difficult topics. The Q&A. And also the practice exercises. It all helps a lot to let things sink in.
💬 The workshop was really pragmatic as promised!
💬 I liked the expertise of the presenter. Also: Presentation style, labs, quizzes, etc.
💬 Highly recommendable!
✅ Online version: 100% remote – No travel required!
✅ Interactive: ask questions and participate in discussions
✅ True understanding of problems, solutions, and their trade-offs
✅ High-quality course materials to use as a reference
✅ Lots of demos and lab sessions
✅ Labs remain accessible after the workshop
Selected satisfied customers
The course of the training at a glance
- Origins, sites, and domains
- UI redressing attacks
- Browser-based data leakage
- Configuring browser security headers
- Introduction to Cross-Site Scripting (XSS)
- XSS defenses in Angular
- XSS pitfalls in Angular
- XSS and server-side rendering
- Using Trusted Types with Angular
- XSS and server-side rendering
Deploying Content Security Policy
- Introduction to Content Security Policy (CSP)
- Common security mistakes in CSP policies
- Deploying CSP for Angular
- Practicalities about CSP
Advanced client-side security features
- Security with Subresource Integrity (SRI)
- Sandboxing untrusted content
- HTML5 sandboxing strategies
A secure frontend architecture
- Architectural security patterns
- Secure data storage in the browser
- Using the Web Crypto API
Advanced OAuth 2.0 security
- OAuth 2.0 and OpenID Connect best practices for SPAs and Single Sign-On
- Circumventing OAuth 2.0 security
- Introducing the Backend-For-Frontend pattern
- Security recommendations for using OAuth 2.0 in Angular
- Outlook to OAuth 2.1
03. 11 13:00 - 17:30 (CET)
09. 05 09:00 - 17:00 (CET)
Manfred Steyer is a Google Developer Expert (GDE) for Angular and Tursted Collaborator in the Angular team. Together with his team, he looks after customers in the entire German language area. The focus is on business and industrial applications based on Angular.