API Security Workshop with Dr. De Ryck

Workshop for Building Secure APIs and Backends
Learn to Protect Your Critical Solutions!
Duration: 2 days
Next event: Fall 2023
Level: Basic Knowledge Web Development
Location: Remote
Language: English
Price from: 0€

Dr. Philippe De Ryck, GDE

Philippe has a Ph.D. in web security and is the founder of Pragmatic Web Security, a Google Developer Expert, and an Auth0 Ambassador. He has been speaking about Angular security since AngularJS 1.x and is widely recognized as an Angular security expert.

Proven Interactive Workshop with Labs and Discussions

Building secure APIs and microservices is hard, really hard. Not only do you have to make the right architectural security decisions, you also have to be aware of various implementation vulnerabilities to ensure the security of your applications. This workshop provides API developers with the necessary knowledge to assess and improve the security of their APIs.

Didactic Approach

With a mix of lectures, demos, quizzes, and hands-on labs, participants discover best practices for building secure APIs. We investigate various techniques to implement authentication and authorization, along with their trade-offs and pitfalls. We dive deep into handling JSON Web Tokens, but also discuss the relevance of browser security features such as Cross-Origin Resource Sharing. Additionally, we discuss current best practices for securing an API with OAuth 2.0.

Learning Goal

This workshop offers practical and immediately applicable security advice for API developers. Throughout the workshop, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.

Code Examples

Code examples and demos often use NodeJS and Spring Boot, but are easy to translate to other languages and frameworks.

Highlights

✅ Online version: 100% remote – No travel required!
✅ Interactive: ask questions and participate in discussions
✅ True understanding of problems, solutions, and their trade-offs
✅ High-quality course materials to use as a reference
✅ Lots of demos and lab sessions
✅ Labs remain accessible after the workshop

Introduction
  • The security model of APIs
  • Foundational API security principles
  • Configuring API security headers
  • Basic API authentication techniques
  • Advanced API authentication
  • Common API authorization failures
  • Enforcing API authorization
  • API authorization best practices
  • Managing user state in REST APIs
  • The good, the bad, and the ugly parts of cookies
  • Understanding Cross-Origin Resource Sharing (CORS)
  • Trade-offs and best practices
  • Understanding the security features of JWTs
  • Practical JWT use cases
  • Common JWT security pitfalls
  • Token management challenges
  • Solving key management for JWTs
  • JWT security best practices
  • Access token types
  • Making authorization decisions with access tokens
  • Effectively using scopes and permissions
  • Outlook to OAuth 2.1

Upcoming events

All of our seminars are always available remotely or in-house. Contact us to make an appointment

Individual In-House Company Workshops

All of our workshops are also available remotely or in-house at any time.
Contact us for an appointment


FAQs on our workshops

How do your workshops and courses work?

Our seminars around Angular are a mixture of lecture, live coding and actual exercises. Together we apply what we have learned during the workshop directly to an example project. This mixture guarantees that the course never gets boring and that hands-on work takes the place of gray theory.

Our Angular hands-on workshop is aimed at anyone who wants to develop applications with Angular in the future or is already doing so and now wants to better understand the background, context and building blocks of the framework.

Participants should have basic knowledge of web development (basic knowledge of HTML and JavaScript).

For advanced Angular developers we offer advanced seminars and intensive trainings on specific use cases.

Our trainings take place as public workshops in seminar rooms at central hotels in Germany, Austria and Switzerland. In-House company workshops take place at your office or conference room.

All courses are also available as remote workshops, where we meet online in a virtual classroom and do the training via video calls, screen sharing and live coding.

Our workshops are held by experienced trainers and software architects. In recent years, we have provided Angular training to well-known companies, including banks, insurance companies and industrial groups. Trainers include well-known conference speakers, authors of books and professional articles, bloggers, Google Developer Experts and university lecturers.

Especially for dedicated company trainings, we are happy to accommodate you. Typical times are 9:00AM to 4:30PM / 5:00PM. Some of our English-language workshops are timed so that you can also attend at US friendly times.

Absolutely. In fact, since the pandemic, this has been our main business model and we have had very good experience with it. We use a combination of screen sharing, interactive online whiteboards, and are happy to connect to your computer for support during the exercises if you wish. As with our on-site training, we use a combination of short presentations, discussions, live coding and hands-on labs.

Since there is no travel involved, you also save time and money. We can also respond more flexibly to your scheduling needs.

Yes, very much so. In fact, that’s one of the benefits of dedicated corporate training. You are welcome to weight, shorten or add to our agenda proposals. As a rule, we also coordinate with your trainer about 2 weeks before the training. If you wish, we can also arrange it earlier.

Among other things, Angular’s wide distribution speaks for itself, but also the fact that Google, an Internet giant that also uses the framework very intensively, is behind it. Google alone has over 2600 solutions based on it. Due to the wide distribution, there is a large community and thus a lot of know-how on the market as well as (free and commercial) products that are adapted to Angular. In addition, Angular provides much of what you need for large applications out of the box: test automation, form management, routing, etc. In this respect, you get a stack whose components are coordinated and work together in the long term.

The good news up front is that participants with different levels of prior knowledge are the rule, not the exception, in adult education. That’s why you’ll find optional fade-in hints and bonus exercises on our exercise sheets, for those who are a little faster. Of course, we also provide personal support for the exercises.

If you book a company training with us, we leave this decision to you in principle. However, experience shows that there should not be more than 15 participants, especially since a seminar lives very much from questions, discussions and practical exercises.

Please install the following software packages on your computer:

– NodeJS in current version (we test with current LTS version).
– Angular CLI (npm i -g @angular/cli)
– Git
– Visual Studio (free) or WebStorm/IntelliJ (commercial)
