React Security and API Security course bundle

In-depth overview of modern security best practices

Do you know the current best practices for building secure React frontends? And how can you avoid common API security pitfalls? These are not easy questions ... and the answer consists of a set of secure coding guidelines and security best practices to follow. These courses provide you with applicable security knowledge to immediately boost the security of your React applications and APIs.

In the Cutting-edge React security course, we offer best practices to secure your React frontends. The course covers:

  • Secure coding guidelines to avoid XSS in React
  • Advanced XSS attack vectors in React
  • Deploying modern CSP policies for React applications
  • Leveraging Trusted Types as a platform-level defense
  • The security challenges of server-side rendering (SSR)

In the API Security best practices course, we focus on security guidelines to avoid common API security pitfalls. The course covers:

  • API authentication techniques
  • API authorization failures and best practices
  • The "cookies vs tokens" debate
  • JWT security
  • Preventing Server-Side Request Forgery (SSRF)
  • Understanding and configuring CORS for your API
  • Locking down your APIs with strict security headers

I have worked with thousands of developers to help them understand the ins and outs of React security and API security. I have seen them struggle, but I have also seen them succeed. That's why I can promise you that by the end of these courses, you will be confident to assess and improve the security of your applications.

This course bundle delivers the contents of a 3+ day security workshop in easy-to-consume chapters.

Course bundle

This bundle consists of two courses: Cutting-edge React Security and API Security Best Practices

Cutting-edge React security

React applications disrupt the traditional web security landscape, and finding reliable security advice is hard. Most React security content is superficial and ignores challenges real-world applications face. This course will help you to truly understand attacks and defenses in a React world.

With a mix of lectures, demos, quizzes, and cheat sheets, participants discover best practices for building secure React applications. We explore what security measures React provides out-of-the-box, along with common mistakes that circumvent these protections. Using concrete examples, we build up a set of best practices to address the security shortcomings of React. Additionally, we discuss how to use modern browser features, such as Content Security Policy and Trusted Types, to apply a defense-in-depth strategy to your React applications. Finally, we investigate how to apply the covered security guidelines in server-side rendering scenarios.

This course offers a deep understanding of vulnerabilities and defenses in modern React applications. At the end of this course, you walk away with practical and immediately applicable security advice to improve the security of your React applications.

API Security best practices

Building secure APIs and microservices is hard, really hard. Not only do you have to make the right architectural security decisions, but you also have to be aware of various implementation vulnerabilities to ensure the security of your applications. This course provides API developers and full-stack developers with the necessary knowledge to assess and improve the security of their applications.

With a mix of lectures, demos, quizzes, and cheat sheets, participants discover best practices for building secure APIs. We start this course by building a secure foundation to define a solid security baseline for any API. Next, we investigate various techniques to implement authentication and authorization, along with their trade-offs and pitfalls. We dive deep into handling authentication state, discussing the use of cookies or custom headers with tokens. Using concrete examples, we'll build up a set of guidelines for securely handling JSON Web Tokens (JWT). Finally, we explore how to protect against server-side request forgery (SSRF), potentially the fastest growing danger to modern APIs.

This course offers a deep understanding of the principles to build modern, secure APIs. At the end of this course, you walk away with practical and immediately applicable security advice to improve the security of your applications.

Private consulting session (Only available in the private bundle)

From my experience in advising companies on secure application development, I have learned that each architecture has its unique challenges. Security best practices offer you the building blocks, but figuring out how to use them effectively in your application is up to you. Doing so will raise questions about which trade-offs to make in the design and implementation of your applications.

This private consulting session gives us the time to discuss your specific scenarios and questions in detail. For two hours, you get to pick my brain on frontend security, API security, and other security issues. I will answer your questions and give concrete guidelines on improving the security of your applications. This session is the perfect opportunity to get a second set of eyes on your project.

Ready to level up on React security and API security?

Philippe De Ryck

Hi, I'm Dr. Philippe De Ryck

I provide professionals like you with the high-quality security knowledge they need to perform at their best.

My Ph.D. in web security gives me a unique perspective into the most complex security challenges developers face today. In my training courses, I help you understand these challenges, I teach you about potential solutions, and I help you decide which solution fits best for your applications.

I have been invited to join the Google Developer Expert program for my work on web security, and the Auth0 Ambassador program for my work on identity and access management.

Fortune 500 companies rely on me as a trainer and adviser to help them improve their security practices. Through this online course, you too can access the highest quality security content available today.

What to expect

This virtual training course offers the highest quality training content on React Security and API Security. Live-taught lectures provide you with in-depth knowledge about these technologies. Throughout the lectures, polls and quizzes are used to create an engaging and immersive experience. Demos on a training application show practical scenarios and help make the details tangible.

A PDF copy of the slides will be made available before the start of each lecture. During the lecture, you can ask questions through the webinar environment. Throughout the session, the most relevant questions will be answered.

Shortly after each lecture, we upload the full recording of the lecture to the online course platform. These recordings remain available, allowing you to revisit parts of the lecture, or catch up on a lecture you have missed.

Pricing

Tickets are available for each of the courses individually, or as a discounted course bundle. To join, purchase one of these ticket options from the course platform.

Cutting-edge React Security

$ 299

  • Unlimited access to the recordings

  • High-quality course materials

  • Knowledge checks

  • Code examples

API Security best practices

$ 349

  • Unlimited access to the recordings

  • High-quality course materials

  • Knowledge checks

  • Code examples

React / API security Bundle

$ 519

  • Unlimited access to the recordings for both courses

  • High-quality course materials

  • Knowledge checks

  • Code examples

Private course Bundle

$ 1319

  • Everything from the React / API security bundle

  • 2 hours private consulting

  • Ask for feedback on your projects

  • Scheduled in mutual agreement

Prices listed here include all taxes and transaction fees.

FAQ

You can find an elaborate FAQ on the course page. If you have a question, you will likely find the answer in the list below. If that is not the case, don't hesitate to reach out via email (courses@pragmaticwebsecurity.com).

What others are saying about Philippe's courses

It’s rare to find professionals who have both the technical ability and presentation skills it takes to be a successful instructor-led-trainer. Dr. Philippe De Ryck has both and more in spades!

Jim Manico, CEO at Manicode Security

I would definitely take any class taught by Philippe again. He was the best instructor I’ve ever had (including a $5000 CISSP boot camp led by ISC2).

Software engineer at a Fortune 500 company

Philippe delivered a comprehensive series on OIDC and OAuth flows and security of modern apps and APIs and I couldn't be more happy with this valuable resource for our developers. Thank you so much Dr. Philippe!

Jet Anderson, Code Doctor at Nike

Stop digging through Stack Overflow and join this course for in-depth and up-to-date security best practices.

Philippe delivers high-quality, to-the-point and up-to-date trainings about web security. We had him twice at our conference and got only very positive feedback. Do you consider booking him for a training? That's an easy decision: Do it.

Thomas Konrad
Organizer of the sec4dev conference