Web Security Training

Navigating the web security landscape

digest – Article

The websec digest #18

The websec digest gives you a brief overview of significant incidents, technologies, and upcoming events. This edition's headline features a severe vulnerability in the Cisco WebEx browser extension. You must take 5 minutes out of your day to address these issues ASAP.

digest – Article

The websec digest #17

The websec digest gives you a filtered overview of noteworthy incidents, interesting technologies and upcoming events. The headline of this edition goes to an outstanding research paper, describing a clever man-in-the-middle attack against a password reset system.

trainingsessions – Resources

Building secure Angular applications

The slides from my Voxxed Days Luxembourg talk about building secure Angular applications. It covers Angular's built-in XSS protection, and points out how you can use Subresource Integrity, Content Security Policy and Sandboxing to further improve the security of your application.

digest – Article

The websec digest #16

The websec digest gives you a filtered overview of noteworthy incidents, interesting technologies and upcoming events. This edition starts with a story of the theft of $8000 in bitcoin, even though the wallet was protected with two-factor authentication.

trainingsessions – Resources

Secure your code

The slides from my talk about security in Angular applications at the ScaleUp Week in Porto. It starts out with Angular's built-in XSS protection, and continues with a deep-dive into session management in Angular applications. Topics such as cookie flags, cookie prefixes, CSRF and JWT tokens are covered.