Angular Security with Dr De Ryck (Advanced, English)

Online-Workshop for Building Secure Angular-Solutions

Learn to Protect Your Critical Angular-Solutions!

Proven Interactive Workshop with Labs and Discussions

Angular applications disrupt the traditional web security landscape, and finding reliable security advice is hard. This workshop provides Angular developers with the answers to all their security questions.


With a mix of lectures, demos, quizzes, and hands-on labs, participants discover best practices for building secure Angular applications. We investigate how to use and configure security mechanisms available in modern browsers. We explore how Angular handles security out-of-the-box, along with common mistakes that circumvent these protections. Additionally, we discuss scenarios that address common questions, including secure data storage in the browser and the use of OAuth 2.0 and OpenID Connect.


This workshop offers practical and immediately applicable security advice for Angular developers. Throughout the workshop, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.

Didactic approach


The workshop consists of a mixture of lectures, demos, interactive quizzes, and hands-on labs. The lectures provide in-depth knowledge of attacks and defenses. The hands-on labs are conducted in a custom-built competitive training environment, allowing participants to gain hands-on experience with offensive and defensive technologies.



Familiarity with building Angular applications.
Access to a computer with a modern browser (Chrome is recommended)



  • Completely online – no travel required!
  • Interactive: ask questions and participate in discussions
  • True understanding of problems, solutions, and their trade-offs
  • High-quality course materials to use as a reference
  • Lots of demos and lab sessions
  • Labs remain accessible after the workshop

The course of the training at a glance


  • Origins, sites, and domains
  • UI redressing attacks
  • Browser-based data leakage
  • Architectural security patterns

Dealing with Malicious JavaScript

  • Introduction to Cross-Site Scripting (XSS)
  • XSS defenses in Angular
  • XSS pitfalls in Angular
  • XSS and server-side rendering
  • Introduction to Content Security Policy (CSP)
  • Common security mistakes in CSP policies
  • Deploying CSP for Angular
  • Practicalities about CSP
  • Security with Subresource Integrity (SRI)

A Secure Frontend Architecture

  • Sandboxing untrusted content
  • Enforcing behavioral restrictions
  • Advanced HTML5 sandboxing techniques
  • Secure data storage in the browser
  • Using the Web Crypto API
  • Security patterns using the Web Crypto API
  • Configuring browser security headers

Advanced OAuth 2.0 and OpenID Connect Security

  • OAuth 2.0 and OpenID Connect best practices for SPAs and Single Sign-On
  • Circumventing OAuth 2.0 security
  • Introducing the Backend-For-Frontend pattern
  • Security recommendations for using OAuth 2.0 in Angular
  • Outlook to OAuth 2.1

Aktuelle Öffentliche Termine

Immer Nach Vereinbarung

Alle unsere Seminare sind jederzeit auch Remote oder In-House verfügbar. Kontaktieren Sie uns für eine Terminvereinbarung

Remote oder In-House

21. 06 -
23. 06

Trainer: Manfred Steyer, GDE und Michael Zikes



28. 06 -
30. 06

Trainer: Rainer Hahnekamp



17. 08 -
19. 08

Trainer: Manfred Steyer, GDE und Michael Zikes



Manfred Steyer ist Google Developer Expert (GDE) für Angular sowie Tursted Collaborator im Angular-Team. Zusammen mit seinem Team betreut er Kunden im gesamten deutschen Sprachruam. Der Fokus liegt dabei auf Geschäfts- und Industrie-Anwendungen auf der Basis von Angular.

Jetzt anfragen!