
Angular Security Workshop

Dr. Philippe De Ryck, GDE
Philippe has a Ph.D. in web security and is the founder of Pragmatic Web Security, a Google Developer Expert, and an Auth0 Ambassador. He has been speaking about Angular security since AngularJS 1.x and is widely recognized as an Angular security expert.
Proven Interactive Workshop with Labs and Discussions
Angular applications disrupt the traditional web security landscape, and finding reliable security advice is hard. This workshop provides Angular developers with the answers to all their security questions.
With a mix of lectures, demos, quizzes, and hands-on labs, participants discover best practices for building secure Angular applications. We investigate how to use and configure security mechanisms available in modern browsers. We explore how Angular handles security out-of-the-box, along with common mistakes that circumvent these protections. Additionally, we discuss scenarios that address common questions, including secure data storage in the browser and the use of OAuth 2.0/2.1 and OpenID Connect.
This workshop offers practical and immediately applicable security advice for Angular developers. Throughout the workshop, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.
Selected Topics (full list below)
✅ Dealing with Malicious JavaScript and XSS
✅ Common security mistakes in CSP policies
✅ Advanced HTML5 sandboxing techniques
✅ Configuring browser security headers
✅ Security recommendations for using OAuth 2.0/2.1 in Angular
✅ Advanced OAuth 2.0/2.1 and OpenID Connect Security
Selected Feedback from Previous Participants
💬 In-depth knowledge presented and interesting conversations. All questions were answered.
💬 The clear presentation of difficult topics. The Q&A. And also the practice exercises. It all helps a lot to let things sink in.
💬 The workshop was really pragmatic as promised!
💬 I liked the expertise of the presenter. Also: Presentation style, labs, quizzes, etc.
💬 Highly recommendable!


Introduction
- Origins, sites, and domains
- UI redressing attacks
- Browser-based data leakage
- Architectural security patterns
Dealing with Malicious JavaScript
- Introduction to Cross-Site Scripting (XSS)
- XSS defenses in Angular
- XSS pitfalls in Angular
- XSS and server-side rendering
- Using Trusted Types with Angular
Deploying Content Security Policy
- Introduction to Content Security Policy (CSP)
- Common security mistakes in CSP policies
- Deploying CSP for Angular
- Practicalities about CSP
Secure Frontend Architecture
- Sandboxing untrusted content
- Architectural security patterns
- Securing tokens in the browser
Advanced OAuth 2.0/2.1 security
- Common OAuth 2.x and OIDC deployment patterns
- Security limitations of OAuth 2.x in frontends
- Securing frontends with a Backend-For-Frontend
- Security recommendations for using OAuth 2.x in Angular
Reviews
I also appreciated the concrete examples of how to implement DDD in folder and file structures.
Individual In-House Company Workshops
All of our workshops are also available remotely or in-house at any time.
Contact us for an appointment
FAQs on our workshops
How do your workshops and courses work?
Our Angular seminars are a mixture of lecture, live coding and actual exercises. Together we apply what we have learned during the workshop directly to an example project. This mixture ensures that the course never gets boring and stays hands-on rather than purely theoretical.
Who is the Angular hands-on training designed for?
Our Angular hands-on workshop is aimed at anyone who wants to develop applications with Angular in the future or is already doing so and now wants to better understand the background, context and building blocks of the framework.
Participants should have basic knowledge of web development (basic knowledge of HTML and JavaScript).
For advanced Angular developers we offer advanced seminars and intensive trainings on specific use cases.
Where do the Angular workshops take place?
Our trainings take place as public workshops in seminar rooms at central hotels in Germany, Austria and Switzerland. In-House company workshops take place at your office or conference room.
All courses are also available as remote workshops, where we meet online in a virtual classroom and do the training via video calls, screen sharing and live coding.
Who are the trainers?
Our workshops are held by experienced trainers and software architects. In recent years, we have provided Angular training to well-known companies, including banks, insurance companies and industrial groups. Trainers include well-known conference speakers, authors of books and professional articles, bloggers, Google Developer Experts and university lecturers.
At what times are the training sessions held?
Especially for dedicated company trainings, we are happy to accommodate you. Typical times are 9:00 AM to 4:30 PM / 5:00 PM. Some of our English-language workshops are timed so that you can also attend at US-friendly times.
Can we also book online training courses?
Absolutely. In fact, since the pandemic, this has been our main business model and we have had very good experience with it. We use a combination of screen sharing, interactive online whiteboards, and are happy to connect to your computer for support during the exercises if you wish. As with our on-site training, we use a combination of short presentations, discussions, live coding and hands-on labs.
Since there is no travel involved, you also save time and money. We can also respond more flexibly to your scheduling needs.
Can we adapt the training for our purposes?
Yes, very much so. In fact, that’s one of the benefits of dedicated corporate training. You are welcome to weight, shorten or add to our agenda proposals. As a rule, we also coordinate with your trainer about 2 weeks before the training. If you wish, we can also arrange it earlier.
Why Angular?
Angular’s wide adoption speaks for it, as does the fact that Google, an Internet giant that uses the framework very intensively itself, is behind it. Google alone has over 2600 solutions based on it. Because of this wide adoption, there is a large community and therefore a lot of know-how on the market, as well as (free and commercial) products that are adapted to Angular. In addition, Angular provides much of what you need for large applications out of the box: test automation, form management, routing, etc. In this respect, you get a stack whose components are coordinated and work together in the long term.
How do you compensate for different prior knowledge?
The good news up front is that participants with different levels of prior knowledge are the rule, not the exception, in adult education. That’s why you’ll find optional fade-in hints and bonus exercises on our exercise sheets, for those who are a little faster. Of course, we also provide personal support for the exercises.
How many participants are recommended?
If you book a company training with us, we leave this decision to you in principle. However, experience shows that there should not be more than 15 participants, especially since a seminar thrives on questions, discussions and practical exercises.
What software do we need?
Please install the following software packages on your computer:
– Node.js in a current version (we test with the current LTS version)
– Angular CLI (npm i -g @angular/cli)
– Git
– Visual Studio (free) or WebStorm/IntelliJ (commercial)





