Web Security Training

Navigating the web security landscape

digest – Article

The websec digest #17

The websec digest gives you a filtered overview of noteworthy incidents, interesting technologies and upcoming events. The headline of this edition goes to an outstanding research paper, describing a clever man-in-the-middle attack against a password reset system.

trainingsessions – Resources

Building secure Angular applications

The slides from my Voxxed Days Luxembourg talk about building secure Angular applications. It covers Angular's built-in XSS protection, and points out how you can use Subresource Integrity, Content Security Policy and Sandboxing to further improve the security of your application.

digest – Article

The websec digest #16

The websec digest gives you a filtered overview of noteworthy incidents, interesting technologies and upcoming events. This edition starts with a story of the theft of $8000 in bitcoin, even though the wallet was protected with two-factor authentication.

trainingsessions – Resources

Secure your code

The slides from my talk about security in Angular applications at the ScaleUp Week in Porto. It starts out with Angular's built-in XSS protection, and continues with a deep-dive into session management in Angular applications. Topics such as cookie flags, cookie prefixes, CSRF and JWT tokens are covered.

digest – Article

The websec digest #15

The websec digest gives you a filtered overview of noteworthy incidents, interesting technologies and upcoming events. This edition is overshadowed by the WannaCry ransomware epidemic, which has buried the regular web security news feed. Nonetheless, here are a few interesting pointers to check out.