
API Security Workshop with Dr. De Ryck
Workshop for Building Secure Backends
Learn to Protect Your Critical APIs!
- Duration: 2 days
- Next Date: TBA
- Group discount available
- Individually scheduled
- In-house or remote
- Discount for groups >8 participants
Proven Interactive Workshop with Labs and Discussions
Building secure APIs and microservices is hard, really hard. Not only do you have to make the right architectural security decisions, you also have to be aware of various implementation vulnerabilities to ensure the security of your applications. This workshop provides API developers with the necessary knowledge to assess and improve the security of their APIs.
Didactic Approach
With a mix of lectures, demos, quizzes, and hands-on labs, participants discover best practices for building secure APIs. We investigate various techniques to implement authentication and authorization, along with their trade-offs and pitfalls. We dive deep into handling JSON Web Tokens, but also discuss the relevance of browser security features such as Cross-Origin Resource Sharing. Additionally, we discuss current best practices for securing an API with OAuth 2.0.
Learning Goal
This workshop offers practical and immediately applicable security advice for API developers. Throughout the workshop, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.
Code Examples
Code examples and demos are typically written in Node.js and Spring Boot, but translate easily to other languages and frameworks.


Highlights
✅ Online version: 100% remote – No travel required!
✅ Interactive: ask questions and participate in discussions
✅ True understanding of problems, solutions, and their trade-offs
✅ High-quality course materials to use as a reference
✅ Lots of demos and lab sessions
✅ Labs remain accessible after the workshop
The training at a glance
Introduction
- The security model of APIs
- Foundational API security principles
- Configuring API security headers
API authentication and authorization
- Basic API authentication techniques
- Advanced API authentication
- Common API authorization failures
- Enforcing API authorization
- API authorization best practices
The nonsense of "cookies vs tokens"
- Managing user state in REST APIs
- The good, the bad, and the ugly parts of cookies
- Understanding Cross-Origin Resource Sharing (CORS)
- Trade-offs and best practices
JSON Web Token security
- Understanding the security features of JWTs
- Practical JWT use cases
- Common JWT security pitfalls
- Token management challenges
- Solving key management for JWTs
- JWT security best practices
Securing APIs with OAuth 2.0
- Access token types
- Making authorization decisions with access tokens
- Effectively using scopes and permissions
- Outlook to OAuth 2.1
Manfred Steyer is a Google Developer Expert (GDE) for Angular and a Trusted Collaborator in the Angular team. Together with his team, he supports customers throughout the German-speaking region, focusing on business and industrial applications based on Angular.

