Securing Angular / React / Vue Frontends

Live training available as a 1-day essentials workshop or a 2-day advanced workshop

With the rise of SPAs, frontend security is as important as ever. Unfortunately, finding reliable and in-depth security guidance on preventing XSS, deploying CSP, or using OAuth 2.0 securely is quite challenging.

This workshop covers it all and more, offering practical and immediately actionable security advice for frontend Angular / React / Vue developers. Using the guidelines in this workshop, you will be able to review and improve your application’s security.

1-day Essentials outline
  • The security model of frontend web applications
  • Understanding the threat behind XSS
  • Preventing XSS in Angular / React / Vue
  • XSS pitfalls in Angular / React / Vue
  • Using Trusted Types as an XSS defense
  • Introduction to Content Security Policy (CSP)
  • Deploying CSP for Single Page Applications
  • Practicalities about CSP
  • Hands-on labs throughout the day
2-day Advanced outline
  • All of the content from day 1
  • Defending against UI redressing attacks
  • Architectural security patterns for frontends
  • Secure storage for sensitive data in the browser
  • Common OAuth 2.0 and OIDC deployment patterns
  • Understanding OAuth 2.0 security in frontends
  • Breaking OAuth 2.0 security in frontends
  • Securing OAuth 2.0 with the Backend-For-Frontend pattern
  • Hands-on labs throughout the day

  • In-depth lectures
  • Interactive quizzes
  • Practical demos
  • Insightful discussions
  • Custom-built hands-on labs
  • Q&A throughout the workshop

Pricing Information

In-house workshops

In-house workshops are available on-site or online, depending on your preference. Pricing for in-house training is available at a fixed price per day, independent of the size of the group. Depending on current promotions, the cost per attendee per day ranges from EUR 200 - 233 for a group of 30 people. Details about pricing and availability can be requested by contacting Philippe at philippe@pragmaticwebsecurity.com.

Public online workshops

For individuals or small groups, joining a live online edition of this training is more cost-efficient than hosting an in-house training. The live online training offers the same immersive training experience. The next training is scheduled for December 2nd - 3rd, 2024.

If you have any further questions, don't hesitate to reach out to philippe@pragmaticwebsecurity.com.

What to expect?

The recording below should give you a good idea of Philippe's presenting style. This particular video is from the OWASP Benelux days conference in 2022, where Philippe first presented how to use Trusted Types to avoid XSS vulnerabilities in React applications.

The testimonials below illustrate how attendees experience Philippe's trainings.

The trainer presents smoothly and with humor, making complex topics clear and easy to understand. Although I thought I knew most of this material, I actually learned a lot. Thanks :)

The whole course was well-designed, as the theory and the code examples went very well together. Finally, the quizzes introduced a fun competition aspect to it.

Good pacing, intros to topics, and easy to understand examples. Quizzes and practical exercises helped to better understand the theory part.

The teaching style was very interactive and varied with quizzes and lab exercises. Philippe is clearly very knowledgeable in the area.

Your trainer, Dr. Philippe De Ryck

Philippe De Ryck, with a Ph.D. in web security from KU Leuven, is renowned for making complex security topics accessible and engaging. As the founder of Pragmatic Web Security, he delivers expert security training and consulting, consistently earning rave reviews from participants globally. He also contributes to OAuth 2.0 specifications as a co-author of best practices for browser-based apps and is recognized as a Google Developer Expert for his contributions in the field of web application and API security.

Philippe did an awesome training for our developers. The feedback from the participants was incredibly positive. He delivered a perfect 2-day training in a hybrid environment, his insights were extremely relevant and the perfect mix between presentations, quizzes & hands-on exercises.

Philippe is an incredibly knowledgeable person in the field of application security with a great way of doing workshops. I can highly recommend him as a trainer for onsite or online workshops.

Marcello Bellini
Information Security Manager at Baloise Insurance Group