Web Security Dev Academy – 12-week online program

English | MP4 | AVC 1920×1080 | AAC 44KHz 2ch | 129 Lessons (16h 37m) | 2.97 GB

Engineer secure web applications. Master the Secrets of Building Secure Web Applications

Developers with security skills are in the highest demand. Are you prepared? Become a Security-Oriented Software Developer & watch your salary soar!

By the end of this program, you will…

  • Have a complete understanding of the Web security model and fill all your knowledge gaps as a developer
  • Learn Web security vulnerabilities and implement industry-standard prevention methods
  • Know how to design & build an ultra-secure role-based access control system in a real-world, full-stack application
  • Master the complexity of OAuth/OIDC and be able to implement different flows securely for specific use cases

You are a best fit if you are:

  • a full-stack developer (best match),
  • a frontend developer concerned about application security (yes, it really matters),
  • a backend developer interested in secure coding practices (from the inside out),
  • an application security engineer seeking to deepen practical application knowledge,
  • a system administrator interested in understanding web security from a coding angle.

You may not be a good fit if you are:

  • completely unfamiliar with JavaScript / HTML,
  • looking for basic IT or computer science fundamentals,
  • primarily focused on non-web IT security (e.g., network security, IT auditing),
  • a complete beginner in programming without any background in web technologies,
  • seeking a course on user interface design or user experience principles.

The program is for you if you want to:

  • engineer ultra-secure Web applications,
  • understand the model of security in Web applications,
  • be aware of potential risks once the application is live,
  • stop blindly relying on frameworks in the hope of security,
  • see the full perspective of frontend and backend security,
  • integrate security testing into your development workflow,
  • learn tons of valuable tips & tricks for improving security,
  • join the worldwide community of like-minded developers.

Practical project with real-world features
You’ll learn theoretical knowledge and use it to practically secure a real-life personal money tracker application. This project is composed of five key modules — Auth, Dashboard, Expenses, Settings, and Admin — each designed to challenge and enhance your Web security skills. You’ll learn role-based access control (RBAC) to manage different user permissions effectively and implement cutting-edge security mechanisms across both frontend and backend systems.

Table of Contents

1 Welcome lesson
2 Program structure and topics
3 Training outcomes
4 What you need
5 Your first task
6 Welcome lesson
7 Same-origin policy
8 Cross-origin resource sharing
9 Same-origin policy [LABS]
10 Cross-origin resource sharing [LABS]
11 Content Security Policy
12 Content Security Policy [LABS]
13 Content Security Policy – Reporting [LABS]
14 Subresource Integrity [LABS]
15 Homework
16 Welcome lesson
17 Client-side security boundaries
18 Server-side security
19 HTTPS
20 Sessions vs. Tokens
21 When to use Sessions vs. JWT Tokens
22 Homework
23 Welcome lesson
24 OWASP Top 10
25 Cross-site scripting
26 Cross-site scripting [LABS]
27 Cross-site request forgery
28 Cross-site request forgery [LABS]
29 JWT Hacking
30 Other security vulnerabilities
31 Welcome lesson
32 Application overview
33 Application presentation
34 Application architecture
35 Authentication vs. authorization
36 Secured Angular part
37 Secured API
38 Node.js application setup
39 Homework
40 Welcome lesson
41 Features overview
42 Login feature [Angular]
43 Login feature [Node]
44 Sign up feature [Angular]
45 Sign up feature [Node]
46 Router Guards
47 Http Interceptors
48 Homework
49 Welcome lesson
50 XSS prevention
51 CSRF prevention
52 HttpOnly and Secure Cookies
53 UserAuth object
54 Conditional components visibility
55 Homework
56 Welcome lesson
57 UserAuth object
58 Server-side session
59 Logging access and application events
60 Throttling failed logins
61 Input sanitization and validation
62 Preventing calls without the proper role
63 Preventing calls without the ownership
64 Setting up CORS
65 Homework
66 Welcome lesson
67 Adding a new user to account [Angular]
68 Adding a new user to account [Node]
69 Confirming a new user for account [Angular]
70 Confirming a new user for account [Node]
71 Password recovery
72 Managing active sessions
73 Welcome lesson
74 Introduction to OAuth 2.0
75 Different client types and suitable OAuth flows
76 Security measures in OAuth
77 PKCE
78 OpenID Connect
79 Id Token with Implicit flow
80 Id Token with Implicit flow [CODE]
81 Authorization Code flow [CODE]
82 OAuth/OIDC Homework
83 Multi-factor authentication introduction
84 Two-factor authentication demo
85 Requesting OTP [Angular]
86 Validating OTP [Node]
87 2FA settings [Angular]
88 2FA settings [Node]
89 External user management introduction
90 Budget and Auth0 integration presentation
91 Auth0 integration [Angular]
92 Auth0 integration [Node]
93 Homework
94 Intro
95 Getting started
96 Basic match
97 Basic allow
98 Basic conditions
99 Common examples
100 Functions
101 Read other documents
102 Chat example
103 Role-based auth example
104 Security testing introduction
105 Setting up mock Firestore
106 Unit testing with mock data
107 Debugging security rules
108 Welcome lesson
109 Personal data introduction
110 Privacy Policy
111 Terms and Conditions
112 GDPR and regulations in the World
113 Cookies
114 Summary
115 Introduction
116 Same-origin Policy
117 User authentication
118 Origin spoofing
119 Input validation
120 TCP tunneling
121 Denial of Service (DoS)
122 WSS Encryption
123 Simple WebSocket demo [LABS]
124 Content Security Policy [LABS]
125 Authentication [LABS]
126 Cross-site WebSocket hijacking [LABS]
127 Goodbye and kind request
128 LIVE: Module 3 @ 20/06/2024
129 Secure Serverless Development @ Marek Sottl
