Web Security Dev Academy
Module 1: The big plan
Welcome lesson (1:33)
Program structure and topics (3:05)
Training outcomes (2:10)
What you need (2:02)
Your first task (1:12)
Module 2: Web Security Model
Welcome lesson (0:38)
Same-origin policy (6:28)
Cross-origin resource sharing (2:36)
Same-origin policy [LABS] (7:33)
Cross-origin resource sharing [LABS] (3:10)
Content Security Policy (7:10)
Content Security Policy [LABS] (22:53)
Content Security Policy - Reporting [LABS] (2:44)
Subresource Integrity [LABS] (3:15)
Homework (0:58)
Source code [LABS]
Module 3: Client vs. server security
Welcome lesson (0:32)
Client-side security boundaries (9:22)
Server-side security (9:12)
HTTPS (6:01)
Sessions vs. Tokens (17:20)
When to use Sessions vs. JWT Tokens (5:51)
Homework (2:07)
Module 4: Security vulnerabilities
Welcome lesson (1:00)
OWASP Top 10 (20:20)
Cross-site scripting (11:15)
Cross-site scripting [LABS] (15:48)
Cross-site request forgery (10:14)
Cross-site request forgery [LABS] (18:42)
JWT Hacking (14:32)
Other security vulnerabilities (1:50)
Homework
Module 5: Application architecture
Welcome lesson (0:18)
Application overview (10:58)
Application presentation (3:03)
Application architecture (10:08)
Authentication vs. authorization (7:22)
Secured Angular part (7:54)
Secured API (10:18)
Node.js application setup (3:36)
Homework (1:47)
Application source code ⚡
Module 6: Core features implementation
Welcome lesson (0:59)
Features overview (13:53)
Login feature [Angular] (13:59)
Login feature [Node] (19:46)
Sign up feature [Angular] (5:22)
Sign up feature [Node] (15:00)
Router Guards (5:41)
Http Interceptors (8:08)
Homework (1:15)
Module 7: Client security implementation
Welcome lesson (0:32)
XSS prevention (11:00)
CSRF prevention (12:38)
HttpOnly and Secure Cookies (2:05)
UserAuth object (6:26)
Conditional components visibility (8:54)
Homework (0:59)
Module 8: API security implementation
Welcome lesson (0:58)
UserAuth object (4:44)
Server-side session (3:10)
Logging access and application events (23:24)
Throttling failed logins (13:28)
Input sanitization and validation (12:24)
Preventing calls without the proper role (7:07)
Preventing calls without the ownership (3:22)
Setting up CORS (2:41)
Homework (1:34)
Module 9: Roles and account management
Welcome lesson (1:05)
Adding a new user to account [Angular] (16:12)
Adding a new user to account [Node] (13:05)
Confirming a new user for account [Angular] (4:59)
Confirming a new user for account [Node] (1:40)
Password recovery (11:48)
Managing active sessions (13:39)
Module 10: External authentication
Welcome lesson (2:05)
Introduction to OAuth 2.0 (9:58)
Different client types and suitable OAuth flows (18:50)
Security measures in OAuth (9:42)
PKCE (8:51)
OpenID Connect (11:47)
Id Token with Implicit flow (3:39)
Id Token with Implicit flow [CODE] (9:53)
Authorization Code flow [CODE] (25:32)
OAuth/OIDC Homework (3:37)
Module 11: Multi-factor authentication
Multi-factor authentication introduction (12:06)
Two-factor authentication demo (2:50)
Requesting OTP [Angular] (9:45)
Validating OTP [Node] (8:35)
2FA settings [Angular] (5:18)
2FA settings [Node] (4:13)
Module 12: External user management
External user management introduction (18:22)
Budget and Auth0 integration presentation (1:58)
Auth0 integration [Angular] (3:07)
Auth0 integration [Node] (13:58)
Homework (0:53)
Bonus: Firebase Security
Intro (1:18)
Getting started (5:09)
Basic match (3:19)
Basic allow (2:16)
Basic conditions (3:32)
Common examples (5:30)
Functions (4:29)
Read other documents (3:57)
Chat example (4:48)
Role-based auth example (5:43)
Security testing introduction (2:48)
Setting up mock Firestore (4:00)
Unit testing with mock data (3:58)
Debugging security rules (2:04)
Bonus: GDPR and legal guidance
Welcome lesson (3:04)
Personal data introduction (21:20)
Privacy Policy (21:37)
Terms and Conditions (2:51)
GDPR and regulations in the World (13:54)
Cookies (15:09)
Summary (5:42)
Disclaimer
Bonus: WebSockets Security
Introduction (2:52)
Same-origin Policy (2:01)
User authentication (3:34)
Origin spoofing (1:39)
Input validation (3:21)
TCP tunneling (4:18)
Denial of Service (DoS) (2:09)
WSS Encryption (0:58)
Simple WebSocket demo [LABS] (5:02)
Content Security Policy [LABS] (2:24)
Authentication [LABS] (8:54)
Cross-site WebSocket hijacking [LABS] (2:22)
Bonus: WebSecurity Testing
[available soon]
Final module (must watch)
Goodbye and kind request (1:40)
Logging access and application events
Lesson content locked