Web Security Dev Academy - 12-week online program

16h 37m 20s
English
Paid

Course description

Master the full scope of web security and learn to develop secure full-stack applications with reliable authorization, protection against vulnerabilities, and modern protocols such as OAuth and OIDC.


What you will receive:

  • A complete understanding of web application security models - from theory to practice
  • Knowledge of typical vulnerabilities and methods to prevent them at industry standards level
  • Skills in designing and implementing a secure role-based access model in a real full-stack application
  • Understanding and ability to securely implement OAuth/OIDC flows for different scenarios

Who the course is suitable for:

  • Full-stack developers looking to enhance their security skills
  • Frontend developers concerned with client-side application security
  • Backend developers striving for secure server logic architecture
  • Application security engineers wanting a deeper understanding of practical implementation
  • System administrators interested in security from a code perspective

Who the course is not suitable for:

  • Those unfamiliar with JavaScript and HTML
  • Beginners with no experience in web development
  • Those looking for foundational IT or network security knowledge
  • Developers focused on design and UX

You will learn to:

  • Develop secure web applications without relying blindly on frameworks
  • See security as a comprehensive task, covering both frontend and backend
  • Integrate security into the daily development process
  • Apply practices that truly work in real-world conditions

Practical project:

You will secure a full-fledged personal expense tracking application consisting of the following modules: authorization, dashboard, expenses, settings, and admin panel. The key focus is on implementing a role-based access control (RBAC) model and incorporating modern security mechanisms on both the client and server sides.

Main stack: Angular and Node.js with TypeScript. However, the first 5 modules of the course are technology-neutral, so the knowledge can be adapted to any stack.

No. Title Duration
1 Welcome lesson 01:34
2 Program structure and topics 03:06
3 Training outcomes 02:11
4 What you need 02:03
5 Your first task 01:13
6 Welcome lesson 00:39
7 Same-origin policy 06:29
8 Cross-origin resource sharing 02:37
9 Same-origin policy [LABS] 07:34
10 Cross-origin resource sharing [LABS] 03:11
11 Content Security Policy 07:11
12 Content Security Policy [LABS] 22:54
13 Content Security Policy - Reporting [LABS] 02:45
14 Subresource Integrity [LABS] 03:16
15 Homework 00:59
16 Welcome lesson 00:33
17 Client-side security boundaries 09:23
18 Server-side security 09:13
19 HTTPS 06:02
20 Sessions vs. Tokens 17:21
21 When to use Sessions vs. JWT Tokens 05:52
22 Homework 02:08
23 Welcome lesson 01:01
24 OWASP Top 10 20:22
25 Cross-site scripting 11:17
26 Cross-site scripting [LABS] 15:49
27 Cross-site request forgery 10:15
28 Cross-site request forgery [LABS] 18:44
29 JWT Hacking 14:33
30 Other security vulnerabilities 01:51
31 Welcome lesson 00:19
32 Application overview 10:59
33 Application presentation 03:04
34 Application architecture 10:09
35 Authentication vs. authorization 07:23
36 Secured Angular part 07:55
37 Secured API 10:19
38 Node.js application setup 03:37
39 Homework 01:48
40 Welcome lesson 01:00
41 Features overview 13:54
42 Login feature [Angular] 14:00
43 Login feature [Node] 19:47
44 Sign up feature [Angular] 05:23
45 Sign up feature [Node] 15:01
46 Router Guards 05:42
47 Http Interceptors 08:09
48 Homework 01:16
49 Welcome lesson 00:33
50 XSS prevention 11:01
51 CSRF prevention 12:39
52 HttpOnly and Secure Cookies 02:06
53 UserAuth object 06:27
54 Conditional components visibility 08:55
55 Homework 01:00
56 Welcome lesson 00:59
57 UserAuth object 04:45
58 Server-side session 03:11
59 Logging access and application events 23:25
60 Throttling failed logins 13:29
61 Input sanitization and validation 12:25
62 Preventing calls without the proper role 07:08
63 Preventing calls without the ownership 03:23
64 Setting up CORS 02:42
65 Homework 01:35
66 Welcome lesson 01:06
67 Adding a new user to account [Angular] 16:13
68 Adding a new user to account [Node] 13:06
69 Confirming a new user for account [Angular] 05:00
70 Confirming a new user for account [Node] 01:41
71 Password recovery 11:49
72 Managing active sessions 13:40
73 Welcome lesson 02:06
74 Introduction to OAuth 2.0 09:59
75 Different client types and suitable OAuth flows 18:51
76 Security measures in OAuth 09:43
77 PKCE 08:52
78 OpenID Connect 11:48
79 Id Token with Implicit flow 03:40
80 Id Token with Implicit flow [CODE] 09:54
81 Authorization Code flow [CODE] 25:33
82 OAuth/OIDC Homework 03:38
83 Multi-factor authentication introduction 12:07
84 Two-factor authentication demo 02:51
85 Requesting OTP [Angular] 09:46
86 Validating OTP [Node] 08:36
87 2FA settings [Angular] 05:19
88 2FA settings [Node] 04:14
89 External user management introduction 18:23
90 Budget and Auth0 integration presentation 01:59
91 Auth0 integration [Angular] 03:08
92 Auth0 integration [Node] 13:59
93 Homework 00:54
94 Intro 01:19
95 Getting started 05:10
96 Basic match 03:20
97 Basic allow 02:17
98 Basic conditions 03:33
99 Common examples 05:31
100 Functions 04:30
101 Read other documents 03:58
102 Chat example 04:49
103 Role-based auth example 05:44
104 Security testing introduction 02:49
105 Setting up mock Firestore 04:01
106 Unit testing with mock data 03:59
107 Debugging security rules 02:05
108 Welcome lesson 03:05
109 Personal data introduction 21:21
110 Privacy Policy 21:38
111 Terms and Conditions 02:52
112 GDPR and regulations in the World 13:55
113 Cookies 15:10
114 Summary 05:43
115 Introduction 02:53
116 Same-origin Policy 02:02
117 User authentication 03:35
118 Origin spoofing 01:40
119 Input validation 03:22
120 TCP tunneling 04:19
121 Denial of Service (DoS) 02:10
122 WSS Encryption 00:59
123 Simple WebSocket demo [LABS] 05:03
124 Content Security Policy [LABS] 02:25
125 Authentication [LABS] 08:55
126 Cross-site WebSocket hijacking [LABS] 02:23
127 Goodbye and kind request 01:41
128 LIVE: Module 3 @ 20/06/2024 36:24
129 Secure Serverless Development @ Marek Sottl 01:07:11
