Security training for developers
The courses from Pragmatic Web Security help developers, architects and security professionals grasp the full security picture. Not only do they yield direct results, but they also gear up practitioners to recognize security issues in future scenarios.
There is no one-size-fits-all approach to security. So why waste time on generic security courses? At Pragmatic Web Security, you create your own customized security course. Picking relevant content modules from an extensive curriculum ensures optimal engagement and applicability. Topics range from security essentials to advanced security concepts.
Don't be fooled. Web security is hardly a simple topic. Everything is connected and security mechanisms often build upon foundational concepts. Training courses from Pragmatic Web Security go beyond textbook examples. In-depth lectures help developers understand the complicated security landscape. Hands-on labs illustrate vulnerabilities and defenses.
Hands-on lab sessions
High-quality lab sessions are a cornerstone of Pragmatic Web Security courses. Practical lab sessions are essential to optimize retention of the content. During a lab session, participants attack and defend a custom-built training application. Seeing attacks and defenses in a realistic setting gives developers a head start to improve their code.
Want to learn more? Get in touch!Contact Information
Training materials and the lab environments are available for licensing. Pragmatic Web Security also offers architectural security assessments, technical writing services or short-term security consulting services. Don't hesitate to reach out for more information.
Meet the instructor
Hi, I'm Philippe, and I'm a passionate web security instructor. My goal is to give practitioners the security knowledge they need to build better and more secure applications. With Pragmatic Web Security, I deliver private security courses around the world. I also regularly speak at conferences and meetups.
Dr. Philippe De Ryck
PhD in web security
Google Developer Expert
I am the founder of Pragmatic Web Security, where I travel the world to train developers on web security and security engineering. From my Ph.D., I have gained a deep understanding of the web, its vulnerabilities and its security technologies. In my courses, I channel this knowledge into practical and actional security advice for developers.
I have obtained a Ph.D. in web security from the imec-DistriNet research group (University of Leuven, Belgium). During my Ph.D., I published a book titled Primer on client-side web security. I also built the university's online Web Security Fundamentals course.
Since 2018, I am a Google Developer Expert, a recognition of my contributions to share my security knowledge with the community. I also volunteer as the course curator for the SecAppDev course. Since 2005, this yearly week-long course focuses on security for developers.
Here's industry veteran Jim Manico's opinion ...
Dr. Philippe De Ryck is a stellar secure coding instructor. He brings an immense body of web security knowledge to the classroom when teaching his various class offerings. His style is both focused yet inviting which encourages students to participate in class. It's rare to find professionals who have both the technical ability and presentation skills it takes to be a successful instructor-led-trainer. Dr. Philippe De Ryck has both and more in spades!
Jim Manico — Founder, Manicode Security
A few recordings of talks and lectures
Courses and talks
Next to private trainings, I also represent Pragmatic Web Security at public events. Take a look below for upcoming security courses, conferences or smaller events.
List of public events:
- Guest blog post on The hard parts of JWT security nobody talks about for Ping Identity (11/01/2019)
- Half-day workshop at hackages: OWASP top 10 vulnerabilities (08/02/2019 - Brussels, Belgium)
- Guest expert at an Ensighten Webinar: Client-Side website security: The missing piece to a secure website (12/02/2019)
- Course curator of SecAppDev, a week-long course on secure application development (18 - 22/02/2019 - Leuven, Belgium)
- Conference talk at Belgian Cyber Security Coalition: Security patterns for keeping secrets in the browser (21/02/2019 - Leuven, Belgium)
- 1-day workshop at sec4dev: A hands-on take on modern web security (25 - 27/02/2019 - Vienna, Austria)
- Conference talk at sec4dev: Common API security pitfalls (25 - 27/02/2019 - Vienna, Austria) (Slides & video)
- 1-day workshop at Angular College: A secure foundation for your Angular application (22/03/2019 - Graz, Austria)
- Meetup talk at Angular Graz Pizza-Meetup: The parts of JWT security nobody talks about (22/03/2019 - Graz, Austria) (Slides)
- Conference talk at LocoMocoSec: The truth about cookies, tokens and APIs (15 - 19/04/2019, Lihue, USA) (Slides)
- Conference talk at InfoShare: Common API security pitfalls (08 - 09/05/2019 - Gdansk, Poland) (Slides & video)
- Conference talk at OWASP Global AppSec Tel Aviv: Common API security pitfalls (29 - 30/05/2019 - Tel Aviv, Israel) (Slides & video)
- Meetup talk at Full Stack Tel Aviv meetup: The parts of JWT security nobody talks about (30/05/2019 - Tel Aviv, Israel) (Slides & video)
- Participation in the Open Security Summit (3 - 7/06/2019 - London, UK)
- Appearance on The Frontside Podcast talking about security in frontend applications (13/06/2019) (Podcast)
- 1-day workshop at GOTO Amsterdam: Client-side security for modern web applications (17/06/2019 - Amsterdam, Netherlands)
- Meetup talk at Amsterdam Secure Software Development: Common API security pitfalls (Slides & video) and The parts of JWT security nobody talks about (Slides & video) (17/06/2019 - Amsterdam, Netherlands)
- Conference talk at GOTO Amsterdam: Common API security pitfalls (19/06/2019 - Amsterdam, Netherlands) (Slides & video)
- Conference talk at GOTO Amsterdam: Taking Security Seriously (19/06/2019 - Amsterdam, Netherlands) (Slides)
- Conference talk at Identiverse: Security patterns for keeping secrets in the browser (25 - 28/06/2019 - Washington DC, USA) (Slides)
- Meetup talk at Nulab Tech Talks Amsterdam: The parts of JWT security nobody talks about (16/07/2019 - Amsterdam, Netherlands) (Slides)
- Free 1-day workshop hosted by Nulabs: Diving into web security with the OWASP top 10 (17/07/2019 - Amsterdam, Netherlands)
- Appearance on The Secure Developer talking about Angular security (01/08/2019) (Slides & video)
- Appearance on Razi's Technology Podcast talking about Keeping secrets in the browser (12/08/2019)
- 2-day workshop at OWASP Global AppSec DC: A builder’s guide to Single Page Application security (09 - 13/09/2019 - Washington DC, USA)
- Conference talk at OWASP Global AppSec DC: Common API security pitfalls (09 - 13/09/2019 - Washington DC, USA)
- Conference talk at Angular Connect: Angular and the OWASP top 10 (19 - 20/09/2019 - London, UK)
- Invited talk at ICTech Day: Introduction to OAuth 2.0 and OpenID Connect (10/10/2019, Antwerpen, Belgium)
- Meetup talk at Dallas.js: Cookies versus tokens: a paradoxical choice (30/08/2018) (Slides)
- Conference talk at JavaZone: Common API security pitfalls (12-13/09/2018) (Slides & video)
- Meetup talks at Angular Oslo: Cookies versus tokens: a paradoxical choice (Slides) / Angular and the OWASP top 10 (Slides) (12/09/2018)
- Meetup talk at BarcelonaJS: Cookies versus tokens: a paradoxical choice (26/09/2018) (Slides)
- Conference talk at JOIN: HTTPS for developers (04/10/2018) (Slides & video)
- Meetup talk at Angular Belgium: Passwords and pixie dust: A look at OAuth 2.0 security in Angular (04/10/2018) (Slides)
- 2-day course: Web Security Essentials (15-16/10/2018)
- 2-day course: Angular Security Masterclass (18-19/10/2018)
- Meetup talk at OWASP Belgium: Common API security pitfalls (23/10/2018) (Slides & video)
- Meetup talk at ngBucharest: Angular and the OWASP top 10 followed by a Q&A on Angular and security (25/10/2018) (Slides)
- Conference talk at OWASP AppSec Bucharest: Cookies versus tokens: a paradoxical choice (26/10/2018) (Slides)
- 1-day workshop at GOTO Berlin: Application Security for User Interface Developers and Designers (30/10/2018)
- Conference talk at GOTO Berlin: From the OWASP Top Ten(s) to the OWASP ASVS (31/10/2018) (Slides)
- Conference talk at GOTO Berlin: Introduction to OAuth 2.0 and OpenID Connect (01/11/2018) (Slides)
- Meetup talk at OWASP Hamburg: Common API security pitfalls (01/11/2018) (Slides & video)
- Meetup talk at OWASP Dresden: Common API security pitfalls (02/11/2018) (Slides & video)
- Conference talk at GOTO Copenhagen: From the OWASP Top Ten(s) to the OWASP ASVS (20/11/2018) (Slides)
- 1-day private workshop for the NG-BE core team: A secure foundation for your Angular application (24/11/2018)
- 1-day workshop at NG-BE: A secure foundation for your Angular application (06/12/2018)
- Conference talk at NG-BE: Angular and the OWASP top 10 (07/12/2018) (Slides & video)
If you are looking for a speaker for your event, do not hesitate to get in touch. Below is a list of previous talks, published with slides and recordings when available.
- Taking security seriously
- Common API security pitfalls
- Security patterns for keeping secrets in the browser
- Introduction to OAuth 2.0 and OpenID Connect
- The truth about cookies, tokens and APIs
- The parts of JWT security nobody talks about
- Angular and the OWASP top 10
- From the OWASP Top Ten(s) to the OWASP ASVS
- HTTPS for developers
- Passwords and pixie dust: A look at OAuth 2.0 security in angularOWASPtop10
- Cookies versus tokens: a paradoxical choice
I am proud to say that a 100% of the post-course evaluation forms so far include a recommendation of the training course to others. The testimonials below give you a good idea of what you can expect from Pragmatic Web Security.
The course consists of high-quality course material. Philippe's lectures cover the theory in a clear an concise manner. The practical labs in between provide a useful way to get practical experience.
We have learned a ton of new security practices, which we will immediately adopt within our development team. The course is highly recommended.
Mattias Vanhoutte — Security Specialist, Televic
Web security and application security are gaining more and more attention. As a developer, you know what's going on, but since these domains are very broad, it is hard to see the full picture. We were not sure whether the Web Security Essentials course was a good fit for our company.
Once the course started, these doubts vanished. The course is well-structured, and accessible for both frontend and backend developers. It changes the way you look at the development of web applications. Following theory sessions with hands-on labs creates an interesting combination. On top of that, you get a head start with the right tools to assess your own application. The gained knowledge and skills are directly applicable, and immediately shared with colleagues. This training has changed the way we work and affected the security of our product.
This training deserves a high recommendation. The course offers varied, up-to-date and detailed content. Security may still be low on the radar, but this 2-day training already makes a world of difference.
Sam Verschueren — Lead Software Engineer, Pridiktiv NV
I have attended all four of the security seminars taught by Philippe and it is a must do for every software engineer. Essential security concepts, mechanisms, vulnerabilities and countermeasures are explained in details with vivid examples of how catastrophic the consequences could be if a software engineer chooses to ignore them.
Philippe explains very thoroughly, yet in a very interesting and clear fashion how elementary it is for the malicious users to exploit a vulnerability. Obviously and most importantly, countermeasures are presented to help us engineers fix the problems systematically and protect our valuable software systems.
The seminars switch between a top-down solid theory behind the security problems and their solutions and hands-on sessions to demonstrate those problems and try the countermeasures in practice.
Aram Hovsepyan — CEO, Codific
Knowledge is key when it comes to Web Security. One little detail can easily break your entire web application security. At NG-BE 2016, Philippe shared some of his insights on on how to prevent XSS attacks in Angular applications. He managed to explain difficult concepts in such a way that the audience could easily understand it. The feedback from the audience was incredibly positive.
Philippe is an expert in security, a great communicator and a wonderful person to interact with. We were incredibly proud to welcome him at NG-BE 2016.
Jurgen Van de Moere — Organizer NG-BE Conference
Interested in more information? Looking for a speaker for your event? In need of a technical writer? Anything else you want to share or ask? Don't hesitate to get in touch
Pragmatic Web Security is based in Belgium, but delivers trainings and talks around the world.