
Web Security Dev Academy - 12-week online program

16h 37m 20s
English
Paid

Master the full scope of web security and learn to develop secure full-stack applications with reliable authorization, protection against vulnerabilities, and modern protocols such as OAuth and OIDC.

What You Will Receive

  • A complete understanding of web application security models - from theory to practice
  • Knowledge of typical vulnerabilities and methods to prevent them at industry standards level
  • Skills in designing and implementing a secure role-based access model in a real full-stack application
  • Understanding and ability to securely implement OAuth/OIDC flows for different scenarios

Who the Course is Suitable For

  • Full-stack developers looking to enhance their security skills
  • Frontend developers concerned with client-side application security
  • Backend developers striving for secure server logic architecture
  • Application security engineers wanting a deeper understanding of practical implementation
  • System administrators interested in security from a code perspective

Who the Course is Not Suitable For

  • Those unfamiliar with JavaScript and HTML
  • Beginners with no experience in web development
  • Those looking for foundational IT or network security knowledge
  • Developers focused on design and UX

What You Will Learn

  • Develop secure web applications, not blindly relying on frameworks
  • See security as a comprehensive task, covering both frontend and backend
  • Integrate security into the daily development process
  • Apply practices that truly work in real-world conditions

Practical Project

You will secure a full-fledged personal expense tracking application consisting of modules: authorization, dashboard, expenses, settings, and admin panel. The key focus is on implementing a role-based access control (RBAC) model and incorporating modern security mechanisms on both client and server sides.

Main stack: Angular and Node.js with TypeScript. However, the first five modules of the course are technologically neutral, allowing you to adapt the knowledge to any stack.

About the Author: Bartosz Pietrucha


Bartosz Pietrucha is a Polish Angular educator and the founder of Angular Architects, focused on the architectural patterns that scale Angular applications past the toy-project size. He is a frequent NgConf speaker and publishes paid courses on advanced Angular and web-security topics.

His CourseFlix listing carries Web Security Dev Academy — 12-Week Program — a comprehensive walkthrough of the OWASP attack categories, the defences against them at the application layer, and the security-engineering patterns that show up in production codebases across Angular, Node.js, and TypeScript stacks.

Material is paid and aimed at developers ready to take application security as a deliberate engineering discipline. For broader content, see CourseFlix's Web Security & Pentesting category page.

All Course Lessons (129)
# | Lesson Title | Duration | Access
1 | Welcome lesson | 01:34 | Demo
2 | Program structure and topics | 03:06 |
3 | Training outcomes | 02:11 |
4 | What you need | 02:03 |
5 | Your first task | 01:13 |
6 | Welcome lesson | 00:39 |
7 | Same-origin policy | 06:29 |
8 | Cross-origin resource sharing | 02:37 |
9 | Same-origin policy [LABS] | 07:34 |
10 | Cross-origin resource sharing [LABS] | 03:11 |
11 | Content Security Policy | 07:11 |
12 | Content Security Policy [LABS] | 22:54 |
13 | Content Security Policy - Reporting [LABS] | 02:45 |
14 | Subresource Integrity [LABS] | 03:16 |
15 | Homework | 00:59 |
16 | Welcome lesson | 00:33 |
17 | Client-side security boundaries | 09:23 |
18 | Server-side security | 09:13 |
19 | HTTPS | 06:02 |
20 | Sessions vs. Tokens | 17:21 |
21 | When to use Sessions vs. JWT Tokens | 05:52 |
22 | Homework | 02:08 |
23 | Welcome lesson | 01:01 |
24 | OWASP Top 10 | 20:22 |
25 | Cross-site scripting | 11:17 |
26 | Cross-site scripting [LABS] | 15:49 |
27 | Cross-site request forgery | 10:15 |
28 | Cross-site request forgery [LABS] | 18:44 |
29 | JWT Hacking | 14:33 |
30 | Other security vulnerabilities | 01:51 |
31 | Welcome lesson | 00:19 |
32 | Application overview | 10:59 |
33 | Application presentation | 03:04 |
34 | Application architecture | 10:09 |
35 | Authentication vs. authorization | 07:23 |
36 | Secured Angular part | 07:55 |
37 | Secured API | 10:19 |
38 | Node.js application setup | 03:37 |
39 | Homework | 01:48 |
40 | Welcome lesson | 01:00 |
41 | Features overview | 13:54 |
42 | Login feature [Angular] | 14:00 |
43 | Login feature [Node] | 19:47 |
44 | Sign up feature [Angular] | 05:23 |
45 | Sign up feature [Node] | 15:01 |
46 | Router Guards | 05:42 |
47 | Http Interceptors | 08:09 |
48 | Homework | 01:16 |
49 | Welcome lesson | 00:33 |
50 | XSS prevention | 11:01 |
51 | CSRF prevention | 12:39 |
52 | HttpOnly and Secure Cookies | 02:06 |
53 | UserAuth object | 06:27 |
54 | Conditional components visibility | 08:55 |
55 | Homework | 01:00 |
56 | Welcome lesson | 00:59 |
57 | UserAuth object | 04:45 |
58 | Server-side session | 03:11 |
59 | Logging access and application events | 23:25 |
60 | Throttling failed logins | 13:29 |
61 | Input sanitization and validation | 12:25 |
62 | Preventing calls without the proper role | 07:08 |
63 | Preventing calls without the ownership | 03:23 |
64 | Setting up CORS | 02:42 |
65 | Homework | 01:35 |
66 | Welcome lesson | 01:06 |
67 | Adding a new user to account [Angular] | 16:13 |
68 | Adding a new user to account [Node] | 13:06 |
69 | Confirming a new user for account [Angular] | 05:00 |
70 | Confirming a new user for account [Node] | 01:41 |
71 | Password recovery | 11:49 |
72 | Managing active sessions | 13:40 |
73 | Welcome lesson | 02:06 |
74 | Introduction to OAuth 2.0 | 09:59 |
75 | Different client types and suitable OAuth flows | 18:51 |
76 | Security measures in OAuth | 09:43 |
77 | PKCE | 08:52 |
78 | OpenID Connect | 11:48 |
79 | Id Token with Implicit flow | 03:40 |
80 | Id Token with Implicit flow [CODE] | 09:54 |
81 | Authorization Code flow [CODE] | 25:33 |
82 | OAuth/OIDC Homework | 03:38 |
83 | Multi-factor authentication introduction | 12:07 |
84 | Two-factor authentication demo | 02:51 |
85 | Requesting OTP [Angular] | 09:46 |
86 | Validating OTP [Node] | 08:36 |
87 | 2FA settings [Angular] | 05:19 |
88 | 2FA settings [Node] | 04:14 |
89 | External user management introduction | 18:23 |
90 | Budget and Auth0 integration presentation | 01:59 |
91 | Auth0 integration [Angular] | 03:08 |
92 | Auth0 integration [Node] | 13:59 |
93 | Homework | 00:54 |
94 | Intro | 01:19 |
95 | Getting started | 05:10 |
96 | Basic match | 03:20 |
97 | Basic allow | 02:17 |
98 | Basic conditions | 03:33 |
99 | Common examples | 05:31 |
100 | Functions | 04:30 |
101 | Read other documents | 03:58 |
102 | Chat example | 04:49 |
103 | Role-based auth example | 05:44 |
104 | Security testing introduction | 02:49 |
105 | Setting up mock Firestore | 04:01 |
106 | Unit testing with mock data | 03:59 |
107 | Debugging security rules | 02:05 |
108 | Welcome lesson | 03:05 |
109 | Personal data introduction | 21:21 |
110 | Privacy Policy | 21:38 |
111 | Terms and Conditions | 02:52 |
112 | GDPR and regulations in the World | 13:55 |
113 | Cookies | 15:10 |
114 | Summary | 05:43 |
115 | Introduction | 02:53 |
116 | Same-origin Policy | 02:02 |
117 | User authentication | 03:35 |
118 | Origin spoofing | 01:40 |
119 | Input validation | 03:22 |
120 | TCP tunneling | 04:19 |
121 | Denial of Service (DoS) | 02:10 |
122 | WSS Encryption | 00:59 |
123 | Simple WebSocket demo [LABS] | 05:03 |
124 | Content Security Policy [LABS] | 02:25 |
125 | Authentication [LABS] | 08:55 |
126 | Cross-site WebSocket hijacking [LABS] | 02:23 |
127 | Goodbye and kind request | 01:41 |
128 | LIVE: Module 3 @ 20/06/2024 | 36:24 |
129 | Secure Serverless Development @ Marek Sottl | 01:07:11 |

Frequently asked questions

What are the prerequisites for enrolling in this course?
The course requires familiarity with JavaScript and HTML. It is not suitable for beginners with no experience in web development or those seeking foundational IT or network security knowledge. Participants should have experience in either frontend or backend development, or work as application security engineers or system administrators interested in code security.
What projects or applications will I build during the course?
Participants will work on designing and implementing a secure role-based access model in a real full-stack application. The course includes practical labs such as Cross-origin resource sharing, Content Security Policy, and Cross-site scripting to apply learned concepts. There will also be projects focused on securing applications with OAuth/OIDC flows and integrating security into daily development processes.
Who is the target audience for this course?
The course is aimed at full-stack developers looking to enhance their security skills, frontend developers focused on client-side security, backend developers interested in secure server logic, application security engineers seeking practical implementation knowledge, and system administrators who want to understand security from a code perspective.
How does the depth and scope of this course compare to other web security courses?
This course covers both theoretical and practical aspects of web security, including the OWASP Top 10 vulnerabilities, JWT hacking, and secure implementation of OAuth/OIDC. It is designed for those who want to integrate security into their development process rather than relying solely on frameworks. The course involves 129 lessons, providing a comprehensive overview of both frontend and backend security.
What specific security tools or technologies are covered in the course?
The course covers modern security protocols such as OAuth and OIDC, and discusses the use of JWT tokens versus sessions. It also includes lessons on implementing Content Security Policy, Subresource Integrity, and handling Cross-site scripting and request forgery vulnerabilities. Participants will use Angular and Node.js to secure application features like login and sign-up.
What topics are explicitly not covered in this course?
The course does not cover foundational IT or network security knowledge. It is not intended for those focused on design and UX, as it specifically targets security in web development. Additionally, it does not provide beginner-level instruction in web development basics.
How much time should I expect to commit to this course?
The course is structured over 12 weeks and consists of 129 lessons. While the specific runtime for each lesson is not provided, students should be prepared to dedicate a significant amount of time each week to cover both the theoretical lessons and hands-on labs. The course also includes regular homework assignments to reinforce the material.