Philippe De Ryck

Hi, I'm Philippe, and I help developers protect companies through better web security. As the founder of Pragmatic Web Security, I travel the world to teach practitioners the ins and outs of building secure software.

Recorded sessions

Philippe regularly speaks at conferences around the world. This collection of recorded sessions is a treasure trove of security information. Don't hesitate to share these talks with your colleagues and friends!

Taking security seriously

In this talk, we take an honest look at the current security landscape. Using plenty of real-world examples, we dive into the dangers applications face today.

Common API security pitfalls

Modern applications consist of a frontend application, backed by an API. In this session, we investigate common security issues in APIs, along with current best practices for building secure APIs.

The parts of JWT security nobody talks about

JSON Web Tokens have become the de facto standard to represent claims securely. However, many of the more elaborate security features of JWTs are unknown. This talk covers advanced security best practices for JWT tokens.

Introduction to OAuth 2.0 and OpenID Connect

This talk provides an introduction to both OAuth 2.0 and OpenID Connect. The talk covers their intended usage scenarios, along with best practices for using them securely.

Angular and the OWASP top 10

The OWASP top 10 is one of the most influential security documents of all time. In this talk, we explore how the OWASP top 10 applies to Angular applications and discuss the most relevant items.

The truth about cookies, tokens and APIs

With the rise of Single Page Applications, cookies are being replaced with tokens in custom headers. We dive into the technicalities behind these technologies, and the actual security impact of your choices.

Security patterns for keeping secrets in the browser

In this talk, we investigate the strengths and weaknesses of browser-based storage mechanisms. We explore various security strategies to protect sensitive data. We even propose a way to protect data against physical access to the device.

Passwords and pixie dust - A look at OAuth 2.0 security in Angular

In this talk, we give an overview of the flows in OAuth 2.0 that are relevant for Angular applications. We also dive deeper into a recent addition to OAuth 2.0, known as PKCE.

From the OWASP top 10(s) to the OWASP ASVS

This talk will review the OWASP Top Ten 2017 and the OWASP Top Ten Proactive Controls 2018 and compare them to a more comprehensive standard, the OWASP Application Security Verification Standard (ASVS) v3.1.

HTTPS for developers

The HTTPS ecosystem today is vastly different than a couple of years ago. We look at how HTTPS impacts the application. We will see how merely deploying HTTPS is far from sufficient to secure an application.

Dr. Philippe De Ryck

Talks and workshops

You will often find me speaking and teaching at public and private events around the world. My talks always encourage developers to step up and get security right.


Security resources

Getting security right is all about knowledge. I strongly believe in sharing that knowledge to move forward as a community. Among my resources, you can find developer cheat sheets, recorded talks, and extensive slide decks.

