Web Security Academy

12-week coaching program

Learn all you need about full-stack Web Security, implement a secure role-based enterprise-grade authorization and master OAuth/OIDC (and more!)

 
Join the Waiting List
Enrollment is closed ❌
 
By the end of this program, you will...
Have a complete understanding of the Web Security model and fill all knowledge gaps
Learn Web Security vulnerabilities and industry-standard prevention methods
Know how to implement an ultra-secure role-based access control in a real-life application
Master the complexity of OAuth/OIDC and be able to implement different flows securely
Who is the Academy for
🚀 The program is great for you if you are a:
• full-stack developer able to think beyond a single stack
• backend developer not afraid of frontend world
• frontend developer willing to understand backend security
We use Angular and Node (with TypeScript), but the underlying concepts are applicable to any web stack. The first 5 modules are technology agnostic - you have 5 weeks to catch up!
Weekly agenda
1
The big plan
  • Welcome lesson
  • The big goal
  • Structure and topics
  • What you need
  • Training outcomes
  • 🔴 LIVE Match-making session
2
Web Security model
  • Same-origin policy
  • Cross-origin resource sharing
  • Content Security Policy
  • Reporting in Content Security Policy
  • Hashes and nonces
  • Subresource integrity
3
Client vs. server security
  • Client-side security
  • Server-side security
  • HTTPS Communication
  • Tokens vs. sessions
  • When to use tokens
  • When to use sessions
4
Security vulnerabilities
  • OWASP Top 10
  • Cross-site scripting
  • Cross-site request forgery
  • JWT Hacking
  • Other web applications attacks
  • 🔴 LIVE Q&A session
5
Application architecture
  • Role-based access control design
  • Application architecture
  • Authentication vs. authorization
  • Secured Angular parts
  • Secured API
  • Node.js application setup
6
Core features implementation
  • Login feature in Angular
  • Login feature in Node
  • Sign up feature in Angular
  • Sign up feature in Node
  • Router Guards
  • Http Interceptors
7
Client security implementation
  • Content Security Policy
  • XSS prevention
  • CSRF prevention
  • HttpOnly and Secure Cookies
  • UserAuth object
  • Conditional components visibility
8
API security implementation
  • Working with server-side session
  • Logging access and application events
  • Throttling failed logins
  • Input sanitization and validation
  • Two vectors of authorization
  • Preventing unauthorized requests
  • Setting up CORS
9
Roles and account management
  • Adding a new user to an account
  • Confirming a new user for an account
  • Password recovery
  • Managing active sessions
  • Removing logged users
  • 🔴 LIVE Q&A session
10
External authentication
  • Main players in OAuth 2.0
  • Understanding different OAuth flows
  • Security measures in OAuth 2.0
  • Authorization Code Flow + PKCE
  • Id Token vs. Access Token
  • Using OpenID Connect (OIDC)
11
Two-factor authentication
  • Multi-factor authentication mechanics
  • Two-factor authentication with Google Authenticator
  • Requesting one-time password (OTP)
  • Validating one-time password (OTP)
  • Setting up 2FA
12
External user management
  • Federated identity management (FIM)
  • Single sign-on (SSO)
  • FIM providers comparison
  • IDaaS - Identity as a Service
  • Auth features externalization
  • Implementing Auth0 integration
  • 🔴 LIVE Q&A session
Each video with subtitles
Bonus modules
1
Firebase security
Created by Fireship.io
  • Firestore rules basics
  • Logic organization with custom functions
  • Common examples: role-based auth, access-control list, rate-limiting
  • Unit testing rules locally
2
GDPR and legal guide
Created with a lawyer
  • Personal data intro for developers
  • What you MUST do for legal compliance
  • Privacy Policy
  • Terms and Conditions
  • GDPR and regulations around the World
  • Using cookies and consent
3
WebSockets security
Coming soon! ⌛
  • Same origin Policy
  • Bypassing authorization
  • Tunneling
  • Encryption
  • DoS Attacks
4
Security testing
Coming soon! ⌛
  • Introduction to penetration testing
  • Using Burp Suite tools
  • Looking for security issues
  • Using repeater, intruder, decoder, sequencer
  • Further investigation
5
To be announced
  • Your topic may be here!
  • To be decided based on needs
  • Free of charge for current students
6
To be announced
  • Your topic may be here!
  • To be decided based on needs
  • Free of charge for current students
Academy Schedule
Monday, October 26
Tuesday, October 27
Wednesday, October 28: Registration
Thursday, October 29: Registration
Friday, October 30: Registration
Saturday, October 31: Registration closes ❌
Sunday, November 1: Preparation
Week 1 - The big plan
Monday, November 2: Preparation
Tuesday, November 3: 🔴 LIVE Match-making session
Wednesday, November 4: Module 2 released
Thursday, November 5: Time to study
Friday, November 6: Time to study
Saturday, November 7: Time to study
Sunday, November 8: Time to study
Week 2 - Web Security Model
Monday, November 9: Time to study
Tuesday, November 10: Time to study
Wednesday, November 11: Module 3 released
Thursday, November 12: Time to study
Friday, November 13: Time to study
Saturday, November 14: Time to study
Sunday, November 15: Time to study
Week 3 - Client vs. server security
Monday, November 16: Time to study
Tuesday, November 17: Time to study
Wednesday, November 18: Module 4 released
Thursday, November 19: Time to study
Friday, November 20: Time to study
Saturday, November 21: Time to study
Sunday, November 22: Time to study
Week 4 - Security vulnerabilities
Monday, November 23: Time to study
Tuesday, November 24: 🔴 Live Q&A session
Wednesday, November 25: Module 5 released
Thursday, November 26: Time to study
Friday, November 27: Time to study
Saturday, November 28: Time to study
Sunday, November 29: Time to study
Week 5 - Application architecture
Monday, November 30: Time to study
Tuesday, December 1: Time to study
Wednesday, December 2: Module 6 released
Thursday, December 3: Time to study
Friday, December 4: Time to study
Saturday, December 5: Time to study
Sunday, December 6: Time to study
Week 6 - Core features implementation
Monday, December 7: Time to study
Tuesday, December 8: Time to study
Wednesday, December 9: Module 7 released
Thursday, December 10: Time to study
Friday, December 11: Time to study
Saturday, December 12: Time to study
Sunday, December 13: Time to study
Week 7 - Client security implementation
Monday, December 14: Time to study
Tuesday, December 15: Time to study
Wednesday, December 16: Module 8 released
Thursday, December 17: Time to study
Friday, December 18: Time to study
Saturday, December 19: Time to study
Sunday, December 20: Time to study
Week 8 - API security implementation
Monday, December 21: Time to study
Tuesday, December 22: Time to study
Wednesday, December 23: Module 9 released
Thursday, December 24: Time to study
Friday, December 25: Time to study
Saturday, December 26: Time to study
Sunday, December 27: Time to study
Week 9 - Roles and account management
Monday, December 28: Time to study
Tuesday, December 29: 🔴 Live Q&A Session
Wednesday, December 30: Module 10 released
Thursday, December 31: Time to study
Friday, January 1: Time to study
Saturday, January 2: Time to study
Sunday, January 3: Time to study
Week 10 - External authentication
Monday, January 4: Time to study
Tuesday, January 5: Time to study
Wednesday, January 6: Module 11 released
Thursday, January 7: Time to study
Friday, January 8: Time to study
Saturday, January 9: Time to study
Sunday, January 10: Time to study
Week 11 - Multi-factor authentication
Monday, January 11: Time to study
Tuesday, January 12: Time to study
Wednesday, January 13: Module 12 released
Thursday, January 14: Time to study
Friday, January 15: Time to study
Saturday, January 16: 🔴 Live Q&A session
Sunday, January 17: The end 🚀
Week 12 - External user management
You can learn solo - live calls are optional (but very helpful 🔥)
What is included in the Academy
VALUE OF
$2399
12-week learning program in the form of on-demand video lessons + ALL bonus modules
VALUE OF
$1199
At least 3 LIVE Q&A coaching sessions for all the students (show your screen & code!)
VALUE OF
$399
12 weeks of premium support to solve coding and design challenges
VALUE OF
$299
Access to the closed community of devs learning together & discussing unique cases
VALUE OF
$199
Match-making session to find your buddy in the program (the power of networking!)
VALUE OF
$199
English captions for every video lesson (with one-click translation to any language!)
VALUE OF
$99
Web Security checklist with clickable boxes to check your applications
VALUE OF
PRICELESS
Free of charge life-time access to the materials and future updates (the price may rise!)
The whole package of $4793 value
ONLY $497
Registration is closed
Join the mailing list to get FREE weekly Web Security tips! 💌
What others say
Bartosz's experience is demonstrated in the Web Security program. I was pleased to go over the first few lessons and learn the theory behind Web Security. All the concepts learned were later put into practice with his great Angular application backed by a Node.js service. Although I'm a Spring Boot developer, I was able to apply all the principles and concepts of Web Security in my applications. Also, the live sessions are essential in this program to ask and respond to questions and build a great community. The program is updated regularly with new modules, I can't wait for the Firebase Security one! Keep up the great work!
Ruben O.
Full-stack Web Developer, Canada
Finding a complete and up to date Web security content is hard and time consuming, especially as a whole. With Web Security Academy, I found out a great opportunity to learn about security in depth both on client and server sides. The program's material isn't just a simple support to learn but provides good practices of a real world application. Bartosz is a great teacher and meetings with him and other students is part of the program, giving you the support from a whole community.
Gérôme G.
Web developer, France
This program will give you a fresh perspective in security for the web, regardless if you've been in dev for years or are a new programmer. Bartosz builds lessons from upcoming web security standards making the curriculum up-to-date, contrasting what others might find on a bookshelf. I guarantee you'll find value in this program.
Peter M.
Founder at Geogram, USA
I am very skeptical about online courses or courses in general. However, I have seen Bartosz on YouTube in some videos and decided to join the program because I was excited by the way it was structured. There were many topics I was already experienced in but I must say that I still learned a lot. Especially the Online Meetings and the knowledge exchange was a real added value and I would recommend this program to anyone. The content did not disappoint me and I learned exactly the things I needed to develop in this area. Good Job Bartosz!
David K.
Software engineer, Germany
I am really impressed with the quality of the materials in the Academy. The content is designed in easy to consume fashion and focuses on important aspects. Also, it is very valuable to learn together with other developers over an extended period of time. I really recommend this kind of online training.
Alex G.
Developer and author, Spain
The program is really well built. It first guides you through the ways a SPA can be vulnerable and the ways those vulnerabilities can be fixed, then it teaches you how to implement those protection mechanisms with Angular, without getting stuck on general development questions too much. It also shows the backend parts of those protection mechanisms. After completing the program I feel confident that I can protect the webapps I develop.
Alex B.
Web Developer, Hungary
If you are looking for a training to take you from just a front-end developer to a full-stack Angular/Node.js, then this is it. I have been an Angular contractor for a couple of years now and still learned some valuable tips for the front-end but the back-end has been invaluable to me for understanding how to build a highly secure full-stack application. The teacher is always there to help and really does care about you achieving the best from the program. He takes time to explain concepts in excellent weekly meetings where you will meet a great bunch of developers from all around the world and bounce new ideas off each other. Far better than the other Angular security courses I have taken in the past.
Rich W.
Developer, UK
WebSecurity Academy is a great place to learn new skills or increase your current. The instructor is very kind and has a goal that you understand all the content, so there's a Community (Slack) that you'll be a part of so you can ask questions (or help answer them), talk personally with the instructor, and get to know the other students. One thing I really like about this program is that it's paced over a certain amount of time. You won't be overwhelmed with On-Demand videos, although later you'll have on-demand access forever, which is also nice! Overall, I give this 5 out of 5 stars!
Kenny H.
Full-stack developer, USA
Bartosz brings in-depth knowledge and experience in Angular enterprise development. He gives tremendous value to the Angular community.
Brad Green
Engineering Director for Angular in Google
Bartosz's Angular training was probably the best I've attended so far. He always tried to explain everything in the way when both novice and experienced developer could understand it, but at the same time he spent not too much time on simple things - probably that balance was the most important personally for me.
Pavlo Baukov
Java developer
Bartosz is able to conduct trainings with great professionalism. I've attended his training on Angular and found it very useful, as Bartosz in a limited time frame provided both theoretical knowledge and practical exercises and eventually helped me to delve into front end web development.
Anton Danylov
.NET Team Lead
Recently I've participated in a training conducted by Bartek. I would say he is a very talented trainer with an individual approach to every student.
Andrii Tkach
Senior .NET developer at Luxoft
I've attended Bartosz's training for Angular 2 and want to say that it is one of the best trainings I've visited. Bartosz kept us all the time focused on the task and everybody was involved in the process. Four days passed like a minute and I had a feeling that I want to stay and continue learning. And at the same time we were able to cover a lot of topics and Bartosz gave us a direction for further learning.
Oleksandr Vorovchenko
Senior Frontend Developer
I had a true pleasure to attend a training led by Bartosz. Right away I was positively surprised with the level and attitude. Bartosz not only knows by heart the stuff he teaches, but really likes what he does. He was keen to answer all questions and also helped with practical exercises. He had everything under control. The ratio between theory and practical tasks was just right.
Jakub Niemyjski
Senior .Net Developer
Risk-free guarantee
The materials are designed to give you 10x more value than you expect. But if, for whatever reason, you are not satisfied, you can write an email within 30 days of your purchase to bartosz@websecurity-academy.com and I will give you your money back.
My goal is to help you and give as much value as possible.
Frequently Asked Questions
When does the registration start and end?
The registration is currently closed.
Why can't I join during the program?
The program is designed in such a way that all participants who started at the same time are progressing equally through it. Then, every participant will get the most out of the training.
Can I pay for the participation, but take part in the next edition?
Yes. Even more. You can take part in this edition and all of the next editions - free of additional costs.
How will the program be delivered?
The video lessons will be hosted on Teachable.com. The coaching sessions will be delivered via Zoom or Google Meet. Discussions will be held in a closed Slack workspace.
Will I receive all the materials at once?
No. The Academy lasts for 12 weeks. In order for you to get the most out of the program and to facilitate joint work with other students, each module is scheduled for one week. You will receive access to the materials of each module every consecutive week.
Will I retain full access after the Academy finishes?
Yes. Once we finish the 12-week program, you retain life-time access to the training videos, materials and Slack community.
How long do I have my membership in the program?
You receive a life-time membership in the program. It also means that if the program is extended with the new modules in the future, you will have the access to it, without any additional costs.
Do you provide any guarantee?
Yes, I do. Academy offers 30 days money-back guarantee. If you don't find the program fitting your needs after 30 days of your purchase, you can ask for the refund - you just send an email to bartosz@websecurity-academy.com and you will receive your money back.
I don't have time to take such a comprehensive program. Is it for me?
In order to take advantage of the program you have to invest at least 1 hour a week. The materials are going to be concise and concrete to maximize the learning and minimize the time needed for it.
Will the price of the program rise?
Yes, it may rise in the future. The program is going to be improved and updated according to the participants' needs.
Your teacher
  • Taught hundreds of developers around the World
  • Holds a Master's degree in Computer Science
  • Spoke at conferences like AngularUP, ngVikings, NG-Colombia, JSConf.be, HolyJS and more
  • Worked at companies like Credit Suisse, UBS, F-Secure, Tecnotree building enterprise software
  • Writes technical articles about full-stack Angular development
Bartosz Pietrucha
Academy Founder
Supported by mentors in our Slack community
Is there another way?
Of course! You can be learning on your own, googling, writing questions on StackOverflow, etc. But it takes a lot of time...

What I am offering you is a MASSIVE shortcut in a supportive learning environment. Take a look at what Ales said.