API Security Workshop with Dr. Philippe De Ryck (100% Online, Interactive)


Building secure APIs and microservices is hard, really hard. Not only do you have to make the right architectural security decisions, you also have to be aware of various implementation vulnerabilities to ensure the security of your applications. This workshop provides API developers with the necessary knowledge to assess and improve the security of their APIs.


With a mix of lectures, demos, quizzes, and hands-on labs, participants discover best practices for building secure APIs. We investigate various techniques to implement authentication and authorization, along with their trade-offs and pitfalls. We dive deep into handling JSON Web Tokens, but also discuss the relevance of browser security features such as Cross-Origin Resource Sharing. Additionally, we discuss current best practices for securing an API with OAuth 2.0.


This workshop offers practical and immediately applicable security advice for API developers. Throughout the workshop, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.

Some Impressions



We are all connected via a Browser-based virtual classroom.



Lots of demos and interactive challenges guided by your trainer.


Didactic Approach


This workshop is not just any workshop. It is packed with in-depth and up-to-date content. We do not merely brush over a threat and defense but focus on the underlying cause and consequences. Why do we have this problem? Which mitigations are often used? Why are some ineffective? Which one is the current best practice? These are the questions that will be answered throughout the workshop.


The workshop consists of a mixture of lectures, demos, interactive quizzes, and hands-on labs. The lectures provide in-depth knowledge of attacks and defenses. The hands-on labs are conducted in a custom-built competitive training environment, allowing participants to gain hands-on experience with offensive and defensive technologies.


Code examples and demos often use NodeJS and Spring Boot, but are easy to translate to other languages and frameworks.



  • ✅ Completely online – no travel required!
  • ✅ Interactive: ask questions and participate in discussions
  • ✅ True understanding of problems, solutions, and their trade-offs
  • ✅ Relevant for all API architects and developers
  • ✅ High-quality course materials to use as a reference
  • ✅ Lots of demos and lab sessions
  • ✅ Labs remain accessible after the workshop

Your Trainer: Dr Philippe De Ryck, GDE


Dr Philippe De Ryck speaking about Security


Philippe De Ryck helps developers protect companies through better web security. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. As the founder of Pragmatic Web Security, Philippe delivers security training and security consulting to companies worldwide.


Philippe is a Google Developer Expert and an Auth0 Ambassador/Expert for his community contributions on the security of web applications and APIs. Philippe has been speaking about Angular security since AngularJS 1.x, and is widely recognized as an Angular security expert.



  • ✅ Familiarity with building Angular applications.
  • ✅ An understanding of OAuth 2.0 and OpenID Connect (this free introduction course is the perfect starting point)
  • ✅ Access to a computer with a modern browser (Chrome is recommended)

27.05. - 28.05.2021

Datum & Uhrzeit:

27.05.2021, 9:00 Uhr - 28.05.2021, 17:00 Uhr





Ihre Trainer:

Dr Philippe De Ryck, GDE

Alle Workshop-Inhalte


  • Origins, sites, and domains
  • UI redressing attacks
  • Browser-based data leakage
  • Architectural security patterns

Dealing with Malicious JavaScript

  • Introduction to Cross-Site Scripting (XSS)
  • XSS defenses in Angular
  • XSS pitfalls in Angular
  • XSS and server-side rendering
  • Introduction to Content Security Policy (CSP)
  • Common security mistakes in CSP policies
  • Deploying CSP for Angular
  • Practicalities about CSP
  • Security with Subresource Integrity (SRI)

A Secure Frontend Architecture

  • Sandboxing untrusted content
  • Enforcing behavioral restrictions
  • Advanced HTML5 sandboxing techniques
  • Secure data storage in the browser
  • Using the Web Crypto API
  • Security patterns using the Web Crypto API
  • Configuring browser security headers

Advanced OAuth 2.0 and OpenID Connect Security

  • OAuth 2.0 and OpenID Connect best practices for SPAs and Single Sign-On
  • Circumventing OAuth 2.0 security
  • Introducing the Backend-For-Frontend pattern
  • Security recommendations for using OAuth 2.0 in Angular
  • Outlook to OAuth 2.1

Nichts mehr verpassen!

Melde Dich jetzt zu unserem Newsletter an und erhalte alle Informationen zu Angular, unseren Workshops und Terminen.

* Für die Anmeldung bei unserem Newsletter gilt unsere Datenschutz-Richtlinie.

Aktuelle Öffentliche Termine

Immer Nach Vereinbarung

Alle unsere Seminare sind jederzeit auch Remote oder In-House verfügbar. Kontaktieren Sie uns für eine Terminvereinbarung

Remote oder In-House

21. 06 -
23. 06

Trainer: Manfred Steyer, GDE und Michael Zikes



28. 06 -
30. 06

Trainer: Rainer Hahnekamp



17. 08 -
19. 08

Trainer: Manfred Steyer, GDE und Michael Zikes



Nur einen Schritt entfernt!

Stellen Sie noch heute Ihre Anfrage,
wir beraten Sie gerne!

Jetzt anfragen!