Angular Security Workshop with Dr De Ryck (English, Online)

Angular applications disrupt the traditional web security landscape, and finding reliable security advice is hard. This workshop provides Angular developers with the answers to all their security questions.

 

With a mix of lectures, demos, quizzes, and hands-on labs, participants discover best practices for building secure Angular applications. We investigate how to use and configure security mechanisms available in modern browsers. We explore how Angular handles security out of the box, along with common mistakes that circumvent these protections. Additionally, we discuss scenarios that address common questions, including secure data storage in the browser and secure token handling when using OAuth 2.0 or OpenID Connect.

 

This workshop offers practical and immediately applicable security advice for Angular developers. Throughout the workshop, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.

Some Impressions

We are all connected via a browser-based virtual classroom.

Lots of demos and interactive challenges guided by your trainer.

Didactic Approach

 

The workshop consists of a mixture of lectures, demos, interactive quizzes, and hands-on labs. The lectures provide in-depth knowledge of attacks and defenses. The hands-on labs are conducted in a custom-built competitive training environment, allowing participants to gain hands-on experience with offensive and defensive technologies.

Highlights

 

  • ✅ Completely online – no travel required!
  • ✅ Interactive: ask questions and participate in discussions
  • ✅ True understanding of problems, solutions, and their trade-offs
  • ✅ High-quality course materials to use as a reference
  • ✅ Lots of demos and lab sessions
  • ✅ Labs remain accessible after the workshop

Your Trainer: Dr Philippe De Ryck, GDE

Philippe De Ryck helps developers protect companies through better web security. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. As the founder of Pragmatic Web Security, Philippe delivers security training and security consulting to companies worldwide.

 

Philippe is a Google Developer Expert and an Auth0 Ambassador/Expert for his community contributions on the security of web applications and APIs. Philippe has been speaking about Angular security since AngularJS 1.x, and is widely recognized as an Angular security expert.

Prerequisites

 

  • ✅ Familiarity with building Angular applications.
  • ✅ Access to a computer with a modern browser (Chrome is recommended)


Date & Time: 15.03.2021, 9:00 CET - 16.03.2021, 17:00 CET

Location: Remote

Language: English

Your Trainers: Dr Philippe De Ryck, GDE

Contents



Introduction

  • Origins, sites, and domains
  • UI redressing attacks
  • Browser-based data leakage
  • Configuring browser security headers

Dealing with Malicious JavaScript

  • Introduction to Cross-Site Scripting (XSS)
  • XSS defenses in Angular
  • XSS pitfalls in Angular
  • XSS and server-side rendering
  • Using Trusted Types with Angular

Deploying Content Security Policy

  • Introduction to Content Security Policy (CSP)
  • Common security mistakes in CSP policies
  • Deploying CSP for Angular
  • Practicalities about CSP

Advanced client-side security features

  • Security with Subresource Integrity (SRI)
  • Sandboxing untrusted content
  • HTML5 sandboxing strategies

A secure frontend architecture

  • Architectural security patterns
  • Secure data storage in the browser
  • Using the Web Crypto API

Advanced OAuth 2.0 security

  • OAuth 2.0 and OpenID Connect best practices for SPAs and Single Sign-On
  • Circumventing OAuth 2.0 security
  • Introducing the Backend-For-Frontend pattern
  • Security recommendations for using OAuth 2.0 in Angular
  • Outlook to OAuth 2.1

Public Workshops

Always by arrangement

All of our seminars are always available remotely or in-house. Contact us to make an appointment.

Remote or In-House

  • 28.10. - 29.10.2021, Trainer: Rainer Hahnekamp, Remote, English
  • 23.11. - 25.11.2021, Trainer: Manfred Steyer, GDE and Michael Zikes, Remote, English
  • 06.12. - 07.12.2021, Trainer: Rainer Hahnekamp, Remote, English

Only One Step Away!

Send us your inquiry today - we are happy to help!

Inquire now!