Web Security Training

Navigating the web security landscape

digest – Article

The websec digest #15

The websec digest gives you a filtered overview of noteworthy incidents, interesting technologies and upcoming events. This edition is overshadowed by the WannaCry ransomware epidemic, which has buried the regular web security news feed. Nonetheless, here are a few interesting pointers to check out.

trainingsessions – Resources

On the importance of HTTPS

The slides from my talk about HTTPS to a non-technical audience at the Legal Hackers Brussels meetup in Belgium. It covers the basic security properties of HTTPS, as well as common attacks to circumvent its use.

trainingsessions – Resources

Boosting the security of your Angular applications

The slides from my talk about security in Angular applications at OWASP AppSec Europe 2017. It starts out with Angular's built-in XSS protection, and continues with a deep-dive into session management in Angular applications. Topics such as cookie flags, cookie prefixes, CSRF and JWT tokens are covered.

digest – Article

The websec digest #14

The websec digest gives you a filtered overview of noteworthy incidents, interesting technologies and upcoming events. This edition's headline is another technology-based bank heist. This time, the attackers abused weaknesses in the phone system to intercept SMS messages, allowing them to bypass 2FA.

digest – Article

The websec digest #13

The websec digest gives you a filtered overview of noteworthy incidents, interesting technologies and upcoming events. This edition's headline is the homograph attack against Chrome, Firefox and Opera that had even the best security experts baffled.