Philippe de Ryck: Web Security – GOTO Academy NL

Building secure applications is more critical than ever. Unfortunately, distributing a couple of cheat sheets among developers does not get you very far. The key to building more secure software is knowledge. Knowledge of the current security landscape. Knowledge of relevant threats and their corresponding mitigation techniques.

In this Masterclass we will look at common vulnerabilities in web applications. Topics include Cross-Site Scripting, Content Security Policy, authorization, JSON Web Tokens, OAuth 2.0 and OpenID Connect. In the end, you will have an overview of current best practices for building secure applications. Additionally, you will have learned to recognise security issues in future scenarios.

This Masterclass consists of a mix of lectures and labs. Lectures provide the necessary knowledge, and lab sessions show the practical side of attacks and defenses. During the labs and the breaks, there is plenty of time to answer detailed questions or discuss individual scenarios.


Day 1: Masterclass Outline
  • Introduction (30 minute lecture / lab)
  • Cross-Site Scripting (XSS) (60 minute lecture)
  • XSS in modern JS applications (30 minute lecture)
  • Lab XSS (60 minute lab)
  • Content Security Policy (CSP) (60 minute lecture)
  • Lab CSP (60 minute lab)
  • Implementing an authorization framework (60 minute lecture)
  • Lab authorization (60 minute lab)

Day 2: Masterclass Outline
  • JSON Web Tokens (JWT) (60 minute lecture)
  • Lab JWT (30 minute lab)
  • Introduction to OAuth 2.0 and OIDC (60 minute lecture)
  • Lab introduction OAuth 2.0 / OIDC (45 minute lab)
  • Securing an architecture with OAuth 2.0 and OIDC (90 minute lecture)
  • Lab OAuth 2.0 & OIDC (45 minute lab)
  • Overview and conclusion (10 minute lecture)


      2-day Web Security at a glance

      Gain knowledge, understand the practical side with the lab sessions, and ask detailed questions about individual scenarios to a Web Security expert.



      2 days, 09:00-17:00



      Course delivered in English by Philippe de Ryck



      Developers who want to learn more about web security & security engineering and want to apply it in their work


      About Philippe de Ryck

      Philippe is the founder of Pragmatic Web Security and travels the world to train developers on web security and security engineering. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security.

      He has obtained a Ph.D. in web security from the University of Leuven (Belgium). During his Ph.D., he published a book titled “Primer on client-side web security.” After running a commercial web security training program for the university, Philippe has become an independent web security expert.

      Philippe also volunteers as the course curator for the SecAppDev course. Since 2005, this yearly week-long course focuses on security for developers.

      You can find Philippe on Twitter.
