Web Security Dev Academy - 12-week online program
16h 37m 20s
English
Paid
Master the full scope of web security and learn to develop secure full-stack applications with reliable authorization, protection against vulnerabilities, and modern protocols such as OAuth and OIDC.
Read more about the course
What you will receive:
- A complete understanding of web application security models - from theory to practice
- Knowledge of typical vulnerabilities and methods to prevent them at industry standards level
- Skills in designing and implementing a secure role-based access model in a real full-stack application
- Understanding and ability to securely implement OAuth/OIDC flows for different scenarios
Who the course is suitable for:
- Full-stack developers looking to enhance their security skills
- Frontend developers concerned with client-side application security
- Backend developers striving for secure server logic architecture
- Application security engineers wanting a deeper understanding of practical implementation
- System administrators interested in security from a code perspective
Who the course is not suitable for:
- Those unfamiliar with JavaScript and HTML
- Beginners with no experience in web development
- Those looking for foundational IT or network security knowledge
- Developers focused on design and UX
You will learn to:
- Develop secure web applications, not blindly relying on frameworks
- See security as a comprehensive task, covering both frontend and backend
- Integrate security into the daily development process
- Apply practices that truly work in real-world conditions
Practical project:
You will secure a full-fledged personal expense tracking application consisting of modules: authorization, dashboard, expenses, settings, and admin panel. The key focus is on implementing a role-based access control (RBAC) model and incorporating modern security mechanisms on both client and server sides.
Main stack: Angular and Node.js with TypeScript, however, the first 5 modules of the course are technologically neutral, allowing you to adapt the knowledge to any stack.
Watch Online Web Security Dev Academy - 12-week online program
Join premium to watch
Go to premium
| # | Title | Duration |
|---|---|---|
| 1 | Welcome lesson | 01:34 |
| 2 | Program structure and topics | 03:06 |
| 3 | Training outcomes | 02:11 |
| 4 | What you need | 02:03 |
| 5 | Your first task | 01:13 |
| 6 | Welcome lesson | 00:39 |
| 7 | Same-origin policy | 06:29 |
| 8 | Cross-origin resource sharing | 02:37 |
| 9 | Same-origin policy [LABS] | 07:34 |
| 10 | Cross-origin resource sharing [LABS] | 03:11 |
| 11 | Content Security Policy | 07:11 |
| 12 | Content Security Policy [LABS] | 22:54 |
| 13 | Content Security Policy - Reporting [LABS] | 02:45 |
| 14 | Subresource Integrity [LABS] | 03:16 |
| 15 | Homework | 00:59 |
| 16 | Welcome lesson | 00:33 |
| 17 | Client-side security boundaries | 09:23 |
| 18 | Server-side security | 09:13 |
| 19 | HTTPS | 06:02 |
| 20 | Sessions vs. Tokens | 17:21 |
| 21 | When to use Sessions vs. JWT Tokens | 05:52 |
| 22 | Homework | 02:08 |
| 23 | Welcome lesson | 01:01 |
| 24 | OWASP Top 10 | 20:22 |
| 25 | Cross-site scripting | 11:17 |
| 26 | Cross-site scripting [LABS] | 15:49 |
| 27 | Cross-site request forgery | 10:15 |
| 28 | Cross-site request forgery [LABS] | 18:44 |
| 29 | JWT Hacking | 14:33 |
| 30 | Other security vulnerabilities | 01:51 |
| 31 | Welcome lesson | 00:19 |
| 32 | Application overview | 10:59 |
| 33 | Application presentation | 03:04 |
| 34 | Application architecture | 10:09 |
| 35 | Authentication vs. authorization | 07:23 |
| 36 | Secured Angular part | 07:55 |
| 37 | Secured API | 10:19 |
| 38 | Node.js application setup | 03:37 |
| 39 | Homework | 01:48 |
| 40 | Welcome lesson | 01:00 |
| 41 | Features overview | 13:54 |
| 42 | Login feature [Angular] | 14:00 |
| 43 | Login feature [Node] | 19:47 |
| 44 | Sign up feature [Angular] | 05:23 |
| 45 | Sign up feature [Node] | 15:01 |
| 46 | Router Guards | 05:42 |
| 47 | Http Interceptors | 08:09 |
| 48 | Homework | 01:16 |
| 49 | Welcome lesson | 00:33 |
| 50 | XSS prevention | 11:01 |
| 51 | CSRF prevention | 12:39 |
| 52 | HttpOnly and Secure Cookies | 02:06 |
| 53 | UserAuth object | 06:27 |
| 54 | Conditional components visibility | 08:55 |
| 55 | Homework | 01:00 |
| 56 | Welcome lesson | 00:59 |
| 57 | UserAuth object | 04:45 |
| 58 | Server-side session | 03:11 |
| 59 | Logging access and application events | 23:25 |
| 60 | Throttling failed logins | 13:29 |
| 61 | Input sanitization and validation | 12:25 |
| 62 | Preventing calls without the proper role | 07:08 |
| 63 | Preventing calls without the ownership | 03:23 |
| 64 | Setting up CORS | 02:42 |
| 65 | Homework | 01:35 |
| 66 | Welcome lesson | 01:06 |
| 67 | Adding a new user to account [Angular] | 16:13 |
| 68 | Adding a new user to account [Node] | 13:06 |
| 69 | Confirming a new user for account [Angular] | 05:00 |
| 70 | Confirming a new user for account [Node] | 01:41 |
| 71 | Password recovery | 11:49 |
| 72 | Managing active sessions | 13:40 |
| 73 | Welcome lesson | 02:06 |
| 74 | Introduction to OAuth 2.0 | 09:59 |
| 75 | Different client types and suitable OAuth flows | 18:51 |
| 76 | Security measures in OAuth | 09:43 |
| 77 | PKCE | 08:52 |
| 78 | OpenID Connect | 11:48 |
| 79 | Id Token with Implicit flow | 03:40 |
| 80 | Id Token with Implicit flow [CODE] | 09:54 |
| 81 | Authorization Code flow [CODE] | 25:33 |
| 82 | OAuth/OIDC Homework | 03:38 |
| 83 | Multi-factor authentication introduction | 12:07 |
| 84 | Two-factor authentication demo | 02:51 |
| 85 | Requesting OTP [Angular] | 09:46 |
| 86 | Validating OTP [Node] | 08:36 |
| 87 | 2FA settings [Angular] | 05:19 |
| 88 | 2FA settings [Node] | 04:14 |
| 89 | External user management introduction | 18:23 |
| 90 | Budget and Auth0 integration presentation | 01:59 |
| 91 | Auth0 integration [Angular] | 03:08 |
| 92 | Auth0 integration [Node] | 13:59 |
| 93 | Homework | 00:54 |
| 94 | Intro | 01:19 |
| 95 | Getting started | 05:10 |
| 96 | Basic match | 03:20 |
| 97 | Basic allow | 02:17 |
| 98 | Basic conditions | 03:33 |
| 99 | Common examples | 05:31 |
| 100 | Functions | 04:30 |
| 101 | Read other documents | 03:58 |
| 102 | Chat example | 04:49 |
| 103 | Role-based auth example | 05:44 |
| 104 | Security testing introduction | 02:49 |
| 105 | Setting up mock Firestore | 04:01 |
| 106 | Unit testing with mock data | 03:59 |
| 107 | Debugging security rules | 02:05 |
| 108 | Welcome lesson | 03:05 |
| 109 | Personal data introduction | 21:21 |
| 110 | Privacy Policy | 21:38 |
| 111 | Terms and Conditions | 02:52 |
| 112 | GDPR and regulations in the World | 13:55 |
| 113 | Cookies | 15:10 |
| 114 | Summary | 05:43 |
| 115 | Introduction | 02:53 |
| 116 | Same-origin Policy | 02:02 |
| 117 | User authentication | 03:35 |
| 118 | Origin spoofing | 01:40 |
| 119 | Input validation | 03:22 |
| 120 | TCP tunneling | 04:19 |
| 121 | Denial of Service (DoS) | 02:10 |
| 122 | WSS Encryption | 00:59 |
| 123 | Simple WebSocket demo [LABS] | 05:03 |
| 124 | Content Security Policy [LABS] | 02:25 |
| 125 | Authentication [LABS] | 08:55 |
| 126 | Cross-site WebSocket hijacking [LABS] | 02:23 |
| 127 | Goodbye and kind request | 01:41 |
| 128 | LIVE: Module 3 @ 20/06/2024 | 36:24 |
| 129 | Secure Serverless Devlopment @ Marek Sottl | 01:07:11 |
Similar courses to Web Security Dev Academy - 12-week online program
JSON Web Token (JWT) Authentication with Node.jsegghead
Category: Node.js
Duration 32 minutes 33 seconds
Course
Epic Web. Ship Modern Full-Stack Web ApplicationsKent C. Dodds
Category: Other (Frontend)
Duration 39 hours 2 minutes 51 seconds
Course
Fullstack Typescript with TailwindCSS and tRPC Using Modern Features of PostgreSQLfullstack.io
Category: TypeScript, Other (Backend)
Duration 4 hours 54 minutes 49 seconds
Course
Microservices with NodeJS, React, Typescript and Kubernetesudemy
Category: TypeScript, React.js, Node.js, Kubernetes
Duration 95 hours 13 minutes 4 seconds
Course
Web API From Start to Finishiamtimcorey.com (Tim Corey)
Category: Other (Backend)
Duration 17 hours 59 minutes 54 seconds
Course
Remix Bootcamp: Zero to Masteryzerotomastery.io
Category: Other (Frontend)
Duration 21 hours 2 minutes 22 seconds
Course
Mastering Postgres | The most comprehensive course on PostgreSQLAaron Francis
Category: Other (Backend)
Duration 16 hours 13 minutes 30 seconds
Course