Web Security Academy

 3 years ago
source link: https://websecurity-academy.com/?utm_campaign=waiting_list_invite

Web Security Academy

12-week online bootcamp

Learn all you need about full-stack Web Security, implement a secure role-based enterprise-grade authorization and master OAuth/OIDC (and more!)

By the end of this program, you will...
Have a complete understanding of the Web Security model and fill all knowledge gaps
Learn Web Security vulnerabilities and industry-standard prevention methods
Know how to implement an ultra-secure role-based access control in a real-life full-stack application
Master the complexity of OAuth/OIDC and be able to implement different flows securely
Who is the Academy for
🚀 The program is great for you if you are a:
• full-stack developer able to think beyond a single stack
• backend developer not afraid of frontend world
• frontend developer willing to understand backend security
We use Angular and Node (with TypeScript), but the underlying concepts are applicable to any web stack. The first 5 modules are technology agnostic - you have 5 weeks to catch up!
Agenda - watch demos 📺
The big plan
  • Welcome lesson
  • The big goal
  • Structure and topics
  • What you need
  • Training outcomes
  • Your first task 🚀
Web Security model
  • Same-origin policy
  • Cross-origin resource sharing
  • Content Security Policy
  • Reporting in Content Security Policy
  • Hashes and nonces
  • Subresource integrity
  • Assignment ⚙
Client vs. server security
  • Client-side security
  • Server-side security
  • HTTPS Communication
  • Tokens vs. sessions
  • When to use tokens
  • When to use sessions
  • Assignment ⚙
Security vulnerabilities
  • OWASP Top 10
  • Cross-site scripting
  • Cross-site request forgery
  • JWT Hacking
  • Other web applications attacks
  • Assignment ⚙
Application architecture
  • Role-based access control design
  • Application architecture
  • Authentication vs. authorization
  • Secured Angular parts
  • Secured API
  • Node.js application setup
  • Assignment ⚙
Core features implementation
  • Login feature in Angular
  • Login feature in Node
  • Sign up feature in Angular
  • Sign up feature in Node
  • Router Guards
  • Http Interceptors
  • Assignment ⚙
Client security implementation
  • Content Security Policy
  • XSS prevention
  • CSRF prevention
  • HttpOnly and Secure Cookies
  • UserAuth object
  • Conditional components visibility
  • Coding task 🔧
API security implementation
  • Working with server-side session
  • Logging access and application events
  • Throttling failed logins
  • Input sanitization and validation
  • Two vectors of authorization
  • Preventing unauthorized requests
  • Setting up CORS
  • Coding task 🔧
Roles and account management
  • Adding a new user to an account
  • Confirming a new user for an account
  • Password recovery
  • Managing active sessions
  • Removing logged users
External authentication
  • Main players in OAuth 2.0
  • Understanding different OAuth flows
  • Security measures in OAuth 2.0
  • Authorization Code Flow + PKCE
  • Id Token vs. Access Token
  • Using OpenID Connect (OIDC)
  • Coding task 🔧
Two-factor authentication
  • Multi-factor authentication mechanics
  • Two-factor authentication with Google Authenticator
  • Requesting one-time password (OTP)
  • Validating one-time password (OTP)
  • Setting up 2FA
External user management
  • Federated identity management (FIM)
  • Single sign-on (SSO)
  • FIM providers comparison
  • IDaaS - Identity as a Service
  • Auth features externalization
  • Implementing Auth0 integration
  • Coding task 🔧
Each video with subtitles
Growing list of FREE bonuses 🤩
Firebase security
Created by Fireship.io
  • Firestore rules basics
  • Logic organization with custom functions
  • Common examples: role-based auth, access-control list, rate-limiting
  • Unit testing rules locally
GDPR and legal guide
Created with a lawyer
  • Personal data intro for developers
  • What you MUST do for legal compliance
  • Privacy Policy
  • Terms and Conditions
  • GDPR and regulations around the World
  • Using cookies and consent
WebSockets security
  • Same origin Policy
  • Bypassing authorization
  • Tunneling
  • Encryption
  • DoS Attacks
Security testing
  • Introduction to penetration testing
  • Using Burp Suite tools
  • Looking for security issues
  • Using repeater, intruder, decoder, sequencer
  • Further investigation
Recent security attacks debrief
Coming soon! ⌛
  • Popular companies that were hacked
  • Recent huge hacks explained
  • Reasons of security breaches
  • Strategies that could have prevented hacks (and save millions of dollars)
To be announced
Coming soon! ⌛
  • Your topic may be here!
  • To be decided based on needs
  • Free of charge for current students
What is included in the Academy
12-week learning program in the form of on-demand video lessons + ALL bonus modules
Access to the monthly LIVE Q&A (show your screen & code!)
12 weeks of premium support to solve coding and design challenges
Access to the closed Slack community of devs learning together & discussing unique cases
English captions for every video lesson (with one-click translation to any language!)
Certificate of graduation with your name on it (add it to your resume!)
Life-time access to the program
(with all future updates) 🔥
ENROLLMENT IS CLOSED
Join the waiting list to be notified about the program launch and get some awesome bonuses! 😍
Every Tuesday I will send you a juicy email with a quick tip about making Web applications more secure!
What others say
Our amazing students ❤
Worldwide
Yalon K.
Web developer, Israel
Ioannis K.
Web developer, Greece
Claudiu O.
Web developer, Romania
Bartosz's experience is demonstrated in the Web Security program. I was pleased to go over the first few lessons and learn the theory behind Web Security. All the concepts learned were later put into practice with his great Angular application backed by a Node.js service. Although I'm a Spring Boot developer, I was able to apply all the principles and concepts of Web Security in my applications. Also, the live sessions are essential in this program to ask and respond questions and build a great community. The program is updated regularly with new modules, I can't wait for the Firebase Security one! Keep up the great work!
Ruben O.
Full-stack Web Developer, Canada
Finding a complete and up to date Web security content is hard and time consuming, especially as a whole. With Web Security Academy, I found out a great opportunity to learn about security in depth both on client and server sides. The program's material isn't just a simple support to learn but provides good practices of a real world application. Bartosz is a great teacher and meetings with him and other students is part of the program, giving you the support from a whole community.
Gérôme G.
Web developer, France
This program will give you a fresh perspective in security for the web, regardless if you've been in dev for years or are a new programmer. Bartosz builds lessons from upcoming web security standards making the curriculum up-to-date, contrasting what others might find on a bookshelf. I guarantee you'll find value in this program.
Peter M.
Founder at Geogram, USA
I am very skeptical about online courses or courses in general. However, I have seen Bartosz on YouTube in some videos and decided to join the program because I was excited by the way it was structured. There were many topics I was already experienced in but I must say that I still learned a lot. Especially the Online Meetings and the knowledge exchange was a real added value and I would recommend this program to anyone. The content did not disappoint me and I learned exactly the things I needed to develop in this area. Good Job Bartosz!
David K.
Software engineer, Germany
Risk-free guarantee
The materials are designed to give you 10x more value than you expect. But, if for whatever reason you will not be satisfied, then you can write an email within 30 days since your purchase to [email protected] and I will give you money back.
My goal is to help you and give as much value as possible.
Frequently Asked Questions
How long do I have my membership in the program?
You receive a life-time membership in the program. It also means that if the program is extended with the new modules in the future, you will have the access to it, without any additional costs.
Do you provide any guarantee?
Yes, I do. Academy offers 30 days money-back guarantee. If you don't find the program fitting your needs after 30 days of your purchase, you can ask for the refund - you just send an email to [email protected] and you will receive your money back.
I don't have time to take such a comprehensive program. Is it for me?
In order to take advantage of the program you have to invest at least 1 hour a week. The materials are going to be concise and concrete to maximize the learning and minimize the time needed for it.
Will I receive a bill for later reimbursement by my company?
Yes, you will receive the bill for later reimbursement. That's really good that your employer invests in you!
Is it all Angular and Node specific?
No! Indeed, the main project's implementation is based on Angular and Node.js (with TypeScript), but underlying concepts are applicable to any stack (React, Vue, Java, .net, Python, etc.).
Do you add VAT tax to the purchase?
The payment system automatically verifies if VAT is applicable for you depending on your location and legal status. If you see VAT added to your purchase, most often it's enough to provide your VAT ID to make it disappear. If you don't have a VAT ID, then email me at [email protected] so I can generate a discount for you to take this surcharge on me.
Your teacher
  • Taught hundreds of developers around the World
  • Holds a Master's degree in Computer Science
  • Spoke at conferences like AngularUP, ngVikings, NG-Colombia, JSConf.be, HolyJS and more
  • Worked at companies like Credit Suisse, UBS, F-Secure, Tecnotree building enterprise software
  • Writes technical articles about full-stack Angular development
Bartosz Pietrucha
Academy Founder
Supported by mentors in our Slack community
Is there another way?
Of course! You can be learning on your own, googling, writing questions on StackOverflow, etc. But it takes a lot of time...

What I am offering you is a MASSIVE shortcut in a supportive learning environment. Take a look at what Ales said.
Get your lifetime access! 🔥
