API Security Workshop with Dr. De Ryck
Proven Interactive Workshop with Labs and Discussions
Building secure APIs and microservices is hard, really hard. Not only do you have to make the right architectural security decisions, you also have to be aware of various implementation vulnerabilities to ensure the security of your applications. This workshop provides API developers with the necessary knowledge to assess and improve the security of their APIs.
Didactic Approach
With a mix of lectures, demos, quizzes, and hands-on labs, participants discover best practices for building secure APIs. We investigate various techniques to implement authentication and authorization, along with their trade-offs and pitfalls. We dive deep into handling JSON Web Tokens, but also discuss the relevance of browser security features such as Cross-Origin Resource Sharing. Additionally, we discuss current best practices for securing an API with OAuth 2.0.
Learning Goal
This workshop offers practical and immediately applicable security advice for API developers. Throughout the workshop, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.
Code Examples
Code examples and demos often use NodeJS and Spring Boot, but are easy to translate to other languages and frameworks.
Highlights
✅ Online version: 100% remote – No travel required! ✅ Interactive: ask questions and participate in discussions ✅ True understanding of problems, solutions, and their trade-offs ✅ High-quality course materials to use as a reference ✅ Lots of demos and lab sessions ✅ Labs remain accessible after the workshop
Introduction
- The security model of APIs
- Foundational API security principles
- Configuring API security headers
API authentication and authorization
- Basic API authentication techniques
- Advanced API authentication
- Common API authorization failures
- Enforcing API authorization
- API authorization best practices
The nonsense of "cookies vs tokens"
- Managing user state in REST APIs
- The good, the bad, and the ugly parts of cookies
- Understanding Cross-Origin Resource Sharing (CORS)
- Trade-offs and best practices
JSON Web Token security
- Understanding the security features of JWTs
- Practical JWT use cases
- Common JWT security pitfalls
- Token management challenges
- Solving key management for JWTs
- JWT security best practices
Securing APIs with OAuth 2.0
- Access token types
- Making authorization decisions with access tokens
- Effectively using scopes and permissions
- Outlook to OAuth 2.1
Upcoming events
Reviews
I also appreciated the concrete examples of how to implement DDD in folder and files structures.
Individual In-House Company Workshops
All of our workshops are also available remotely or in-house at any time.
Contact us for an appointment
FAQs on our workshops
How do your workshops and courses work?
Our seminars around Angular are a mixture of lecture, live coding and actual exercises. Together we implement what we have learned during the workshop directly on a example project. This mixture guarantees that the course never gets boring and “hands-on” is required instead of gray theory.
Who is the Angular hands-on training designed for?
Our Angular hands-on workshop is aimed at anyone who wants to develop applications with Angular in the future or is already doing so and now wants to better understand the background, context and building blocks of the framework.
Participants should have basic knowledge of web development (basic knowledge of HTML and JavaScript).
For advanced Angular developers we offer advanced seminars and intensive trainings on specific use cases.
Where do the Angular workshops take place?
Our trainings take place as public workshops in seminar rooms at central hotels in Germany, Austria and Switzerland. In-House company workshops take place at your office or conference room.
All courses are also available as remote workshops, where we meet online in a virtual classroom and do the training via video calls, screen sharing and live coding.
Who are the trainers?
Our workshops are held by experienced trainers and software architects. In recent years, we have provided Angular training to well-known companies – including well-known banks, insurance companies, industrial groups. Trainers include well-known conference speakers, authors of books and professional articles, bloggers, Google Developer Experts and university lecturers.
At what times are the training sessions held?
Especially for dedicated company trainings, we are happy to accommodate you. Typical times are 9:00AM to 4:30PM / 5:00PM. Some of our English-language workshops are timed so that you can also attend at US friendly times.
Can we also book online training courses?
Absolutely. In fact, since the pandemic, this has been our main business model and we have had very good experience with it. We use a combination of screen sharing, interactive online whiteboards, and are happy to connect to your computer for support during the exercises if you wish. As with our on-site training, we use a combination of short presentations, discussions, live coding and hands-on labs.
Since there is no travel involved, you also save time and money. We can also respond more flexibly to your scheduling needs.
Can we adapt the training for our purposes?
Yes, very much so. In fact, that’s one of the benefits of dedicated corporate training. You are welcome to weight, shorten or add to our agenda proposals. As a rule, we also coordinate with your trainer about 2 weeks before the training. If you wish, we can also arrange it earlier.
Why Angular?
Among other things, Angular’s wide distribution speaks for itself, but also the fact that Google, an Internet giant that also uses the framework very intensively, is behind it. Google alone has over 2600 solutions based on it. Due to the wide distribution, there is a large community and thus a lot of know-how on the market as well as (free and commercial) products that are adapted to Angular. In addition, Angular provides much of what you need for large applications out of the box: test automation, form management, routing, etc. In this respect, you get a stack whose components are coordinated and work together in the long term.
How do you compensate for different prior knowledge?
The good news up front is that participants with different levels of prior knowledge are the rule, not the exception, in adult education. That’s why you’ll find optional fade-in hints and bonus exercises on our exercise sheets, for those who are a little faster. Of course, we also provide personal support for the exercises.
How many participants are recommended?
If you book a company training with us, we leave this decision to you in principle. However, experience shows that there should not be more than 15 participants, especially since a seminar lives very much from questions, discussions and practical exercises.
What software do we need?
Please install the following software packages on your computer:
– NodeJS in current version (we test with current LTS version).
– Angular CLI (npm i -g @angular/cli)
– Git
– Visual Studio (free) or WebStorm/IntelliJ (commercial)