Angular Security Masterclass (with FREE E-Book)
Practical Guide to Angular Security – Add Authentication / Authorization (from scratch) to an Angular / Node App
What you’ll learn
- Code in Github repository with downloadable ZIP files per section
- Get a solid foundation in Web Security Fundamentals
- Perform the attacks yourself manually, in order to fully understand them
- Understand and Defend an Application against common security attacks, such as Dictionary Attacks, Cross-Site Request Forgery, etc.
- Understand JWT in-depth, including the multiple signature types
- Design and Implement Application Authentication and Authorization from scratch
- Know how to add Authentication to an Angular Application using JWTs (and traditional Server Sessions)
- Know how to add RBAC (Role based Access control) Authorization to an Angular application
- Just some previous knowledge of Angular and Typescript
The course is a Web Application Security Fundamentals Course, where the application will use the Angular/Node stack.
All the server code is in Typescript, but the security concepts explained in it are applicable to other technology stacks.
This course includes an auxiliary Ebook – The Typescript Jumpstart Ebook
We will use several MIT licensed Angular and Node packages from Auth0 (that you could use in your application), and we will also include a demo of how to use Auth0 for doing Application User Management.
It's important to realize that this is NOT an Auth0 specific course. Auth0 will be the source of a couple of open source packages we will use, and we will be doing a quick demo of it to show how JWT makes it simple to delegate authentication to a third-party system, which could be developed in-house as well.
Security – A Fundamental Step in a Software Development Career
Security is probably the number one advanced topic that Software Developers are expected to master when going forward in their software development careers.
Security knowledge is hard to come by but it's essential for advancing to more senior software development positions, like for example Application Architect or similar.
Learning Web Security Fundamentals, knowing how to design an application for security, and knowing how to recognize and fix security issues is an essential skill for a senior developer.
But the problem is that security knowledge is orthogonal to most other topics and it typically takes years to learn.
The good news is that once you have it, Security knowledge has a much longer shelf life than most software development knowledge in general.
Most of the vulnerabilities and fixes that you will learn in this course were useful 10 years ago, and will (very likely) still be useful 10 years from now – Angular and Node are just an example of one stack, to make the course examples more practical.
Security is seen as something really hard to master – this is actually not the case! Application Security is much more approachable than you might think, depending on how you learn it.
What Is The Best Way To Learn Security in a Fun and Practical Way?
Here is what we will do: we are going to take the skeleton of a running application that has no security yet, and we are going to secure the application step-by-step.
Using a couple of MIT packages from Auth0 (that you would be able to use in any project), we are going to implement the Sign-Up and Login functionality from scratch, and because security cannot be enforced only at the client-side, we will implement both the frontend in Angular and the backend in Node.
As we secure the application, we are going to periodically attack it many times during the course, to prove that the vulnerabilities are real!
By doing so, we will learn along the way the fundamentals of Authentication and Authorization, we will become familiar with common vulnerabilities like Dictionary Attacks, CSRF and others, and we will get familiar with commonly used cryptographic tools like Hashing, Salting, JWT, password storage recommendations and more.
Please don’t be intimidated by these concepts: The focus in this course will not be on the internals of each of the cryptographic tools that we will use, but instead on understanding on a high level what problems these tools solve, when to use each and why.
We will also learn how to design our application for security, and we will learn how in many situations application design is our best defense.
Who this course is for:
- Angular Developers looking to learn in-depth Web Application Security in the specific context of an Angular Application