API Security Workshop mit Dr. De Ryck

Workshop for Building Secure APIs and Backends

Learn to Protect Your Critical Solutions!

2 Tage
Basic Knowledge about Web Development
Labs, Quizzes, Experiments
Auch als Firmen-Workshop verfügbar
Öffentlicher Workshop
  • Dauer: 2 Tage
  • Nächster Termin: TBA
  • Gruppenrabatt verfügbar
  • Individuell vereinbar
  • In-House oder remote
  • Ab ca. 8 Teilnehmer günstiger

Proven Interactive Workshop with Labs and Discussions

Building secure APIs and microservices is hard, really hard. Not only do you have to make the right architectural security decisions, you also have to be aware of various implementation vulnerabilities to ensure the security of your applications. This workshop provides API developers with the necessary knowledge to assess and improve the security of their APIs.


Didactic Approach

With a mix of lectures, demos, quizzes, and hands-on labs, participants discover best practices for building secure APIs. We investigate various techniques to implement authentication and authorization, along with their trade-offs and pitfalls. We dive deep into handling JSON Web Tokens, but also discuss the relevance of browser security features such as Cross-Origin Resource Sharing. Additionally, we discuss current best practices for securing an API with OAuth 2.0.


Learning Goal

This workshop offers practical and immediately applicable security advice for API developers. Throughout the workshop, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.


Code Examples

Code examples and demos often use NodeJS and Spring Boot, but are easy to translate to other languages and frameworks.

Impressions In-House

Impressions Remote

Impressions In-House

Impressions Remote


✅ Online version: 100% remote – No travel required!

✅ Interactive: ask questions and participate in discussions

✅ True understanding of problems, solutions, and their trade-offs

✅ High-quality course materials to use as a reference

✅ Lots of demos and lab sessions

✅ Labs remain accessible after the workshop

Ausgewählte zufriedene Kunden

The course of the training at a glance


  • The security model of APIs
  • Foundational API security principles
  • Configuring API security headers

API authentication and authorization

  • Basic API authentication techniques
  • Advanced API authentication
  • Common API authorization failures
  • Enforcing API authorization
  • API authorization best practices

The nonsense of "cookies vs tokens"

  • Managing user state in REST APIs
  • The good, the bad, and the ugly parts of cookies
  • Understanding Cross-Origin Resource Sharing (CORS)
  • Trade-offs and best practices

JSON Web Token security

  • Understanding the security features of JWTs
  • Practical JWT use cases
  • Common JWT security pitfalls
  • Token management challenges
  • Solving key management for JWTs
  • JWT security best practices

Securing APIs with OAuth 2.0

  • Access token types
  • Making authorization decisions with access tokens
  • Effectively using scopes and permissions
  • Outlook to OAuth 2.1

Aktuelle Termine

Alle unsere Seminare sind jederzeit auch Remote oder In-House verfügbar. Kontaktieren Sie uns für eine Terminvereinbarung

No post was found with your current grid settings. You should verify if you have posts inside the current selected post type(s) and if the meta key filter is not too much restrictive.

Weitere öffentliche Termine

2023 11. 04 -
12. 04
09:00 - 17:00 (CET)
Group DiscountEarly Bird bis 26.03.2023

Professional Angular Testing

2023 18. 04 -
20. 04
14:30 - 18:30 (CET)
Group DiscountEarly Bird bis 26.03.2023

Angular Performance Optimization Workshop

8:30 am - 12:30 pm ET (New York.) // 2:30 pm - 6:30 pm CET (Berlin)
2023 20. 04 -
21. 04
09:00 - 17:00 (CET)
GruppenrabattEarly Bird bis 26.03.2023

Design mit System: Skalierbare Design Systems mit Storybook und Angular

2023 11. 05 -
12. 05
09:00 - 17:00 (CET)
Discount CodeEarly Bird bis 31.03.2023

Professional NGRX: Advanced State Management & Best Practices

2023 15. 05 -
17. 05
09:00 - 16:30 (CET)
GruppenrabattEarly Bird

Moderne Spring-Backends für Angular

2025 22. 05 -
24. 05
09:00 - 17:00 (CET)
GruppenrabattEarly Bird bis 31.03.2023

Schulung: Fullstack Angular mit NestJS

2023 22. 05 -
24. 05
09:00 - 17:00 (CET)
GruppenrabattEarly Bird bis 31.03.2023

Angular Architektur Workshop

2025 23. 05 -
25. 05
09:00 - 17:00 (CET)
GruppenrabattEarly Bird bis 31.03.2023

Moderne .NET-Backends für Angular

2023 26. 06 -
27. 06
09:00 - 16:30 (CET)
GruppenrabattEarly Bird bis 31.05.2023

Professional Angular Testing

2023 29. 06 -
30. 06
09:00 - 16:30 (CET)
GruppenrabattEarly Bird

Professional NGRX: Advanced State Management & Best Practices

Manfred Steyer ist Google Developer Expert (GDE) für Angular sowie Tursted Collaborator im Angular-Team. Zusammen mit seinem Team betreut er Kunden im gesamten deutschen Sprachruam. Der Fokus liegt dabei auf Geschäfts- und Industrie-Anwendungen auf der Basis von Angular.

Jetzt anfragen!