Web Security Dev Academy - 12-week online program

16h 37m 20s
English
Paid

Master the full scope of web security and learn to develop secure full-stack applications with reliable authorization, protection against vulnerabilities, and modern protocols such as OAuth and OIDC.

What you will receive:

  • A complete understanding of web application security models - from theory to practice
  • Knowledge of typical vulnerabilities and methods to prevent them at an industry-standard level
  • Skills in designing and implementing a secure role-based access model in a real full-stack application
  • Understanding and ability to securely implement OAuth/OIDC flows for different scenarios

Who the course is suitable for:

  • Full-stack developers looking to enhance their security skills
  • Frontend developers concerned with client-side application security
  • Backend developers striving for secure server logic architecture
  • Application security engineers wanting a deeper understanding of practical implementation
  • System administrators interested in security from a code perspective

Who the course is not suitable for:

  • Those unfamiliar with JavaScript and HTML
  • Beginners with no experience in web development
  • Those looking for foundational IT or network security knowledge
  • Developers focused on design and UX

You will learn to:

  • Develop secure web applications without blindly relying on frameworks
  • See security as a comprehensive task, covering both frontend and backend
  • Integrate security into the daily development process
  • Apply practices that truly work in real-world conditions

Practical project:

You will secure a full-fledged personal expense tracking application consisting of the following modules: authorization, dashboard, expenses, settings, and admin panel. The key focus is on implementing a role-based access control (RBAC) model and incorporating modern security mechanisms on both the client and server sides.

Main stack: Angular and Node.js with TypeScript. However, the first 5 modules of the course are technologically neutral, allowing you to adapt the knowledge to any stack.

Watch Online Web Security Dev Academy - 12-week online program

# Title Duration
1 Welcome lesson 01:34
2 Program structure and topics 03:06
3 Training outcomes 02:11
4 What you need 02:03
5 Your first task 01:13
6 Welcome lesson 00:39
7 Same-origin policy 06:29
8 Cross-origin resource sharing 02:37
9 Same-origin policy [LABS] 07:34
10 Cross-origin resource sharing [LABS] 03:11
11 Content Security Policy 07:11
12 Content Security Policy [LABS] 22:54
13 Content Security Policy - Reporting [LABS] 02:45
14 Subresource Integrity [LABS] 03:16
15 Homework 00:59
16 Welcome lesson 00:33
17 Client-side security boundaries 09:23
18 Server-side security 09:13
19 HTTPS 06:02
20 Sessions vs. Tokens 17:21
21 When to use Sessions vs. JWT Tokens 05:52
22 Homework 02:08
23 Welcome lesson 01:01
24 OWASP Top 10 20:22
25 Cross-site scripting 11:17
26 Cross-site scripting [LABS] 15:49
27 Cross-site request forgery 10:15
28 Cross-site request forgery [LABS] 18:44
29 JWT Hacking 14:33
30 Other security vulnerabilities 01:51
31 Welcome lesson 00:19
32 Application overview 10:59
33 Application presentation 03:04
34 Application architecture 10:09
35 Authentication vs. authorization 07:23
36 Secured Angular part 07:55
37 Secured API 10:19
38 Node.js application setup 03:37
39 Homework 01:48
40 Welcome lesson 01:00
41 Features overview 13:54
42 Login feature [Angular] 14:00
43 Login feature [Node] 19:47
44 Sign up feature [Angular] 05:23
45 Sign up feature [Node] 15:01
46 Router Guards 05:42
47 Http Interceptors 08:09
48 Homework 01:16
49 Welcome lesson 00:33
50 XSS prevention 11:01
51 CSRF prevention 12:39
52 HttpOnly and Secure Cookies 02:06
53 UserAuth object 06:27
54 Conditional components visibility 08:55
55 Homework 01:00
56 Welcome lesson 00:59
57 UserAuth object 04:45
58 Server-side session 03:11
59 Logging access and application events 23:25
60 Throttling failed logins 13:29
61 Input sanitization and validation 12:25
62 Preventing calls without the proper role 07:08
63 Preventing calls without the ownership 03:23
64 Setting up CORS 02:42
65 Homework 01:35
66 Welcome lesson 01:06
67 Adding a new user to account [Angular] 16:13
68 Adding a new user to account [Node] 13:06
69 Confirming a new user for account [Angular] 05:00
70 Confirming a new user for account [Node] 01:41
71 Password recovery 11:49
72 Managing active sessions 13:40
73 Welcome lesson 02:06
74 Introduction to OAuth 2.0 09:59
75 Different client types and suitable OAuth flows 18:51
76 Security measures in OAuth 09:43
77 PKCE 08:52
78 OpenID Connect 11:48
79 Id Token with Implicit flow 03:40
80 Id Token with Implicit flow [CODE] 09:54
81 Authorization Code flow [CODE] 25:33
82 OAuth/OIDC Homework 03:38
83 Multi-factor authentication introduction 12:07
84 Two-factor authentication demo 02:51
85 Requesting OTP [Angular] 09:46
86 Validating OTP [Node] 08:36
87 2FA settings [Angular] 05:19
88 2FA settings [Node] 04:14
89 External user management introduction 18:23
90 Budget and Auth0 integration presentation 01:59
91 Auth0 integration [Angular] 03:08
92 Auth0 integration [Node] 13:59
93 Homework 00:54
94 Intro 01:19
95 Getting started 05:10
96 Basic match 03:20
97 Basic allow 02:17
98 Basic conditions 03:33
99 Common examples 05:31
100 Functions 04:30
101 Read other documents 03:58
102 Chat example 04:49
103 Role-based auth example 05:44
104 Security testing introduction 02:49
105 Setting up mock Firestore 04:01
106 Unit testing with mock data 03:59
107 Debugging security rules 02:05
108 Welcome lesson 03:05
109 Personal data introduction 21:21
110 Privacy Policy 21:38
111 Terms and Conditions 02:52
112 GDPR and regulations in the World 13:55
113 Cookies 15:10
114 Summary 05:43
115 Introduction 02:53
116 Same-origin Policy 02:02
117 User authentication 03:35
118 Origin spoofing 01:40
119 Input validation 03:22
120 TCP tunneling 04:19
121 Denial of Service (DoS) 02:10
122 WSS Encryption 00:59
123 Simple WebSocket demo [LABS] 05:03
124 Content Security Policy [LABS] 02:25
125 Authentication [LABS] 08:55
126 Cross-site WebSocket hijacking [LABS] 02:23
127 Goodbye and kind request 01:41
128 LIVE: Module 3 @ 20/06/2024 36:24
129 Secure Serverless Development @ Marek Sottl 01:07:11
