Fullstack Developer Security STARTER KIT

Start developing secure Web applications
without guesswork or conflicting tutorials

Learn the most important Web app security principles in 1 hour (with practical coding labs) 🤩



"The laboratory sessions ARE MINDBLOWING!" 🤯


🛡️ Practically examine all the nitty-gritty of the Same-Origin Policy - the most important Web security principle

⚠️ WHY IT MATTERS: The Same-Origin Policy (SOP) was introduced to web browsers in the early 1990s as a fundamental security mechanism to prevent some of the potential risks that arise when different websites interact with each other. It was implemented to restrict how a script loaded from one origin (scheme, hostname, and port) can interact with resources from another origin.

🛡️ Find out the reason behind CORS errors (yes, yes - the infamous "No 'Access-Control-Allow-Origin' header is present" error!).

⚠️ WHY IT MATTERS: Cross-Origin Resource Sharing (CORS) was introduced to browsers as a method to enable controlled access to resources located outside of a given domain. Before CORS, the Same-Origin Policy restricted web pages from making requests to a different domain than the one that served the web page, as a security measure to prevent malicious scripts from interacting with data.

🛡️ Build a robust Content Security Policy against cross-site scripting attacks (XSS)

⚠️ WHY IT MATTERS: Cross-site scripting can steal cookies, hijack sessions, impersonate users, perform complete website defacement, execute phishing attacks, and much more harm. It is essential to understand how a properly implemented Content Security Policy reduces the risk of XSS to the minimum.

🛡️ Set up reporting features to catch attack attempts (security violations)

⚠️ WHY IT MATTERS: Content Security Policy (CSP) includes a powerful feature known as "reporting," which plays a critical role in monitoring and enhancing the security of a web application. CSP reporting allows website administrators to receive reports about violations of the defined CSP. This feature is crucial as it provides real-time feedback on policy violations.

🛡️ Create integrity checks on external scripts (minimize the risk of deadly XSS!)

⚠️ WHY IT MATTERS: Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (such as JavaScript and CSS files) are delivered without unexpected manipulation. It's a crucial part of ensuring web security, particularly when including third-party resources like libraries or scripts from external servers like CDNs.


✔️ Learn how JSON Web Tokens (JWT) can be hacked (this will LITERALLY blow your mind) 🤯🤯🤯

✔️ Understand how time-based one-time passwords (TOTP) work for 2-factor authentication 🔑

✔️ Receive a comprehensive deep-dive into OWASP Top 10 security vulnerabilities 📝

✔️ Access the exclusive Discord community of security-oriented Web developers 👩‍💻

✔️ Receive a PDF certificate with your name on it 📜


✔️ 7 must-know steps to making modern Web applications as secure as medieval strongholds! ⚔️

In-depth guide you can't generate with

  1. Understand the Web security model (this Starter Kit!)
  2. Prevent common security vulnerabilities
  3. Choose a proper authorization architecture
  4. Cookies or JWT
  5. Stateless or stateful
  6. Implement a secure role-based authorization
  7. Add additional layers of security
  8. Use different levels of logging
  9. Test application security

"I didn't have any idea HOW IMPORTANT they were..."

Enjoy the intuitive platform ♥️

Run the code labs on your machine 💪

What students say

Opinions of my students from the Web Security Dev Academy

Trust Dev Academy Excellent rating on TrustPilot


"...dang, WE GOT IT WRONG" 🤯


"This checklist is brilliant. It helped us to pass the security pentest." - Alex, Web developer

Clickable PDF checklist with 20 points
hacker-proofing your applications

Certificate of Graduation 💼
to share on LinkedIn

Helpful Discord community 👻

Ask questions and build meaningful interactions with other security-oriented developers worldwide inside our Discord community

Meet developers from all around the world! 🤩

This course is designed to be a comprehensive, step-by-step process with coding laboratories that allow you to gain hands-on experience. 👩‍💻

The level of detail in the explanation videos and practical coding labs is highly praised ♥️ by students, making it way more effective than watching free YouTube videos. 🎬

Bartosz Pietrucha


  • Spent over a decade in software engineering
  • Taught thousands of developers worldwide
  • Holds a Master's degree in Computer Science
  • Spoke at conferences like AngularUP, ngVikings, NG-Colombia, JSConf.be, HolyJS and more
  • Worked for companies like Credit Suisse, UBS, F-Secure, Tecnotree, Elkjop, building complex enterprise software of different sizes
  • Runs the Web Security Dev Academy program
  • Promotes Web security as a Snyk.io Ambassador 🛡️

What is the story of Bartosz

Found passion at a young age ♥️

Bartosz was lucky to find his passion for technology as a young boy, and he has been learning programming ever since. His first language was Turbo Pascal.

Left well-paid corporate job

He graduated from university with a Master's degree in Computer Science and worked on many international projects as a software engineer. He left to teach others.

Started teaching online

Bartosz started Dev Academy with the mission to help ambitious developers with fundamental topics like security, testing, and design. The mission continues to give him a lot of satisfaction.

Before teaching online, he conducted countless workshops in real life...


The materials are designed to give you 10x more value than you expect.

But if, for whatever reason, you are not satisfied, you can write an email within 14 days of your purchase to bartosz [AT] dev-academy.com and I will give you the money back.

My goal is to help you and give as much value as possible.

Got Questions?

Feel free to email me at

bartosz [AT] dev-academy.com

4.7/5 ⭐️ TrustPilot rating