Angular Security Masterclass

A Pragmatic Web Security course

This 2-day course dives into security for Angular: Angular's built-in security mechanisms, client-side security and secure API access to APIs.

Learn more Register

How is security different in an Angular application?

What security features does Angular offer out-of-the-box, and how do you not mess them up?

Should you use client-side sessions, and where do you store the data?

How do you handle authorization in your Angular applications?

Unsure about the answer to one of these questions? Then be sure that the Angular Security Masterclass is a perfect fit for you. During this intensive 2-day course, we will explore how hackers abuse common vulnerabilities. You will learn which countermeasures are available. In the end, you walk away with a set of current best practices you should be applying today!

This 2-day Angular security masterclass is a unique opportunity.
Don't miss it!

Book your seat now
To ensure an interactive and immersive experience, seating for this course is limited.

Angular Security Masterclass

October 18 - 19, 2018 — Leuven (BE)

Day 1

08:30
Registration and welcome coffee
09:00
The security model of the web
09:30
Lab session
10:00
Cross-Site Scripting (XSS) in Angular applications
11:00
Coffee break
11:30
Lab session
12:00
Advanced injection in Angular applications
12:30
Lunch break
13:30
Content Security Policy (CSP) in Angular
14:15
Lab session
15:00
Advanced CSP concepts
15:30
Coffee break
16:00
Subresource Integrity (SRI) for Angular
16:30
Sandboxing untrusted content in Angular
17:00
End of day 1

Day 2

08:30
Welcome coffee
09:00
JSON Web Tokens (JWT)
10:00
REST APIs, sessions and security (part 1)
10:30
Coffee break
10:45
REST APIs, sessions and security (part 2)
11:15
Lab session
12:15
Lunch break
13:15
Introduction to OAuth 2.0 and OpenID Connect
14:15
Authorization in Angular applications
15:15
Coffee break
15:45
Lab session
16:45
Overview of best practices
17:00
End of day 2

Security for developers

Philippe De Ryck

PhD in web security
Google Developer Expert

Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering.

During his Ph.D., Philippe gained a deep understanding of the web, its vulnerabilities and its security technologies. In recent years, Philippe has specialized himself in Angular security. In this course, he channels this knowledge into practical and actional security advice for developers.

Lectures, demos and labs

In-depth lectures focus on focus on understanding why vulnerabilities exist, and how defenses work. Hands-on lab sessions, based on a custom-built Angular application, explore attacks and defenses in a realistic setting.

Actionable advice

Each module provides actionable advice to improve the security of your applications. Throughout the course, we build up a set of best practices. In the concluding module, we give an overview of best practices, and their priorities.

State-of-the-art technologies

As the web security landscape is in constant evolution, so is the Angular Security Masterclass. Each module covers current best practices, but also looks forward to upcoming security features, currently being implemented across browsers.

Testimonials

This edition of the Angular Security Masterclass is the first public edition. Previous courses and talks on web security and Angular security received great feedback. The comments below give you a good idea of what you can expect.

Dr. Philippe De Ryck is a stellar secure coding instructor. He brings an immense body of web security knowledge to the classroom when teaching his various class offerings. His style is both focused yet inviting which encourages students to participate in class. It's rare to find professionals who have both the technical ability and presentation skills it takes to be a successful instructor-led-trainer. Dr. Philippe De Ryck has both and more in spades!

Jim Manico — Founder, Manicode Security

Knowledge is key when it comes to Web Security. One little detail can easily break your entire web application security. At NG-BE 2016, Philippe shared some of his insights on on how to prevent XSS attacks in Angular applications. He managed to explain difficult concepts in such a way that the audience could easily understand it. The feedback from the audience was incredibly positive.

Philippe is an expert in security, a great communicator and a wonderful person to interact with. We were incredibly proud to welcome him at NG-BE 2016.

Jurgen Van de Moere — Organizer NG-BE Conference

Web security and application security are gaining more and more attention. As a developer, you know what's going on, but since these domains are very broad, it is hard to see the full picture. We were not sure whether the Web Security Essentials course was a good fit for our company.

Once the course started, these doubts vanished. The course is well-structured, and accessible for both frontend and backend developers. It changes the way you look at the development of web applications. Following theory sessions with hands-on labs creates an interesting combination. On top of that, you get a head start with the right tools to assess your own application. The gained knowledge and skills are directly applicable, and immediately shared with colleagues. This training has changed the way we work and affected the security of our product.

This training deserves a high recommendation. The course offers varied, up-to-date and detailed content. Security may still be low on the radar, but this 2-day training already makes a world of difference.

Sam Verschueren — Lead Software Engineer, Pridiktiv NV

Whether you’re a veteran or new, everyone in the industry should attend this training. Either the hands on sessions will be an eye opener on the dangers of failing security and you'll learn how to avoid creating security holes, or it’ll bring you up to speed on latest HSTS policy or CSP headers and properly protect your application using the latest standards.

Thank you Philippe for our in-depth and valuable talks!

Maarten Segers — Consultant, AMPLEXOR

Practical information

What do I need to participate in the lab sessions?

You will receive a VirtualBox image containing all required software and tools at the start of the training. All you need to bring is a computer capable of running VirtualBox VMs.

What course materials do I get?

Pragmatic Web Security offers high-quality course materials. The detailed slides used throughout the lectures are provided both in print and in PDF format. Documentation for the lab sessions is provided within the training environment.

Do you offer course certificates?

Yes, at the end of the course, you receive a personalized and signed certificate of completion.

What is the price?

The price for participating in the full course is € 1 200 excluding VAT. An Early Bird discount is available for a limited period.

If you are a startup, you may be eligible for the Startup Discount Plan (see below).

What is the Startup Discount Plan?

To encourage startups to take security seriously, the Startup Discount Plan offers a 50% discount on the price of the full course. This discount is available to any company that meets all of the following requirements:

  • Is privately held
  • Has been in business for no more than 3 years
  • Is engaged in development of a software-based product or service
  • Is an established business with a website and/or existing public references on the Internet
    Please note that any recently registered affiliates of existing business entities and business entities that were incorporated as a result of any legal/business process (merger, acquisition, etc.) do not qualify for this discount.

If you want to benefit from the Startup Discount Plan, please provide documentation to show that you meet these critera (e.g. Memorandum of Association). You can reach Pragmatic Web Security at registrations@pragmaticwebsecurity.com. After approval, you will receive a discount code which you can use to register for the course.

How do I register?

Registrations are handled by https://www.eventbrite.com/e/angular-security-masterclass-tickets-47548126727#tickets, which offers various methods of payment. You can purchase a ticket using one of the registration buttons on this page.

Where will the training take place?

The course takes place at the Faculty Club in Leuven, Belgium. The full address is Faculty Club, Groot Begijnhof 14, 3000 Leuven. The venue offers free parking, and is easily reachable by public transportation. For more information, check out the site of the venue.