Everything you'll learn
- Code in Github repository with downloadable ZIP files per section
- Get a solid foundation in Web Security Fundamentals
- Perform the attacks yourself manually, so that you fully understand them
- Understand and defend an application against common security attacks, such as Dictionary Attacks, Cross-Site Request Forgery, etc.
This course is a Web Application Security Basics Course, where the application uses the Angular/Node stack.
All of the course code is in TypeScript, but the security concepts explained in it are applicable to other technology stacks.
We will use several MIT-licensed Angular and Node packages from Auth0 (which you can use in your own projects), and we'll also include a demo of how to use Auth0 for Application User Management.
This is not an Auth0-specific course: Auth0 is the source of a couple of open source packages we will use, and we will do a quick demo of it to show how JWT makes it easy to delegate authentication to a third-party service, which could also be developed in-house.
Security – A Fundamental Step in a Software Development Career
Security is possibly the number one advanced topic that Software Developers are expected to master when moving forward in their application development careers.
Security knowledge is hard to come by, but it's essential for progressing to more senior software development roles, such as Application Architect or similar.
Learning Web Security Fundamentals, understanding how to design an application for security, and knowing how to identify and fix security problems are essential skills for a senior developer.
But the problem is that security knowledge is orthogonal to most other topics, and it generally takes years to acquire.
The good news is that once you have it, security knowledge has a much longer shelf life than most software development knowledge in general.
Most of the vulnerabilities and fixes that you will learn in this course were useful 10 years ago, and will (very likely) still be useful ten years from now – Angular and Node are just one example of a stack, used to make the course examples more practical.
Security is seen as something really difficult to master – this is really not the case! Application Security is much more approachable than you might think, depending on how you learn it.
What's the Best Way To Learn Security in a Fun and Practical Way?
Here is what we will do: we are going to take the skeleton of a running application that does not have any security yet, and we will secure the application step-by-step.
Using a couple of MIT-licensed packages from Auth0 (which you can use in any project), we are going to implement the Sign-Up and Login functionality from scratch, and because security can't be enforced only on the client side, we will implement both the frontend in Angular and the backend in Node.
As we secure the application, we are going to periodically attack it, many times during the course, to prove that the vulnerabilities are real!
By doing this, we will learn along the way the essentials of Authentication and Authorization, we'll get familiar with common vulnerabilities like Dictionary Attacks, CSRF and others, and we will get acquainted with commonly used cryptographic tools like Hashing, Salting, JWT, password storage recommendations and more.
Please don't be intimidated by these concepts: the focus of this course won't be on the internals of the cryptographic tools that we will use, but instead on understanding at a high level what problems these tools solve, when to use each and why.
We will also learn how to design our application for security, and we will discover how in most situations application design is our best protection.
We will begin at the beginning: we will see the proper way of doing User Management and Sign-Up: we will learn how to store passwords in a database, and we will introduce cryptographic hashes in an approachable way.
Once we have the Sign-Up functionality in place, we will implement Login and understand the need for a temporary identity token. Our first implementation will be a stateful login, where the token is kept at the server level.
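As an added illustration of the Sign-Up and stateful Login steps just described (example code written for this page, not the course's own code), the following TypeScript uses only Node's built-in crypto module: at Sign-Up the password is stored as a per-user salted scrypt hash, at Login the hash is recomputed and compared in constant time, and a successful login yields an opaque random session id that the server keeps in its own store. The in-memory Maps are constructed stand-ins for a database, and the function names (signUp, login, userForSession, logout) are assumptions.

```typescript
import { randomBytes, scryptSync, timingSafeEqual } from "crypto";

// Constructed stand-in for the users table: email -> stored credential record.
interface UserRecord {
  email: string;
  salt: string;         // hex, generated per user at Sign-Up
  passwordHash: string; // hex, scrypt(password, salt)
}
const users = new Map<string, UserRecord>();

// Constructed stand-in for the server-side session store used by the
// stateful login: opaque session id -> email of the logged-in user.
const sessions = new Map<string, string>();

const SALT_BYTES = 16;
const HASH_BYTES = 64;

// Sign-Up: the clear-text password is never stored. Each user gets a fresh
// random salt, so two users with the same password still get different hashes.
function signUp(email: string, password: string): UserRecord {
  if (users.has(email)) throw new Error("user already exists");
  const salt = randomBytes(SALT_BYTES).toString("hex");
  const passwordHash = scryptSync(password, salt, HASH_BYTES).toString("hex");
  const record: UserRecord = { email, salt, passwordHash };
  users.set(email, record);
  return record;
}

// Login: recompute scrypt with the stored salt and compare in constant time.
// On success, returns a random session id that the server remembers
// (stateful login); on failure, returns null.
function login(email: string, password: string): string | null {
  const record = users.get(email);
  // Run the hash even for unknown emails so response time does not reveal
  // which accounts exist.
  const salt = record ? record.salt : randomBytes(SALT_BYTES).toString("hex");
  const candidate = scryptSync(password, salt, HASH_BYTES);
  if (!record) return null;
  const stored = Buffer.from(record.passwordHash, "hex");
  if (!timingSafeEqual(candidate, stored)) return null;
  const sessionId = randomBytes(32).toString("hex");
  sessions.set(sessionId, email);
  return sessionId;
}

// The backend resolves the session id sent with each request back to a user.
function userForSession(sessionId: string): string | null {
  return sessions.get(sessionId) ?? null;
}

// Logout simply forgets the session on the server; the id becomes useless.
function logout(sessionId: string): void {
  sessions.delete(sessionId);
}
```

The salt is what defeats precomputed dictionary tables: an attacker who obtains the stored records has to attack each user's hash separately, and scrypt makes each guess deliberately expensive.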
At this point we could think we have authentication in place, but we decide to prepare our application for scalability, so we opt to try a JWT (JSON Web Tokens) based approach, because we know this is what services like Firebase and Auth0 use.
We will use a couple of Auth0 packages to quickly refactor our Login to be JWT-based, and find out the benefits of using JWT, and some potential disadvantages too.
We will then see how it's possible to do Authentication using a third-party JWT-based service such as Auth0, effectively removing all authentication logic from our codebase and our database, and delegating it to a third-party service.
Note that this Auth0-specific part is only a small portion of the course, and its primary goal is to show how it's possible at an enterprise level to delegate authentication to a centralized service, without needing to introduce direct communication between applications and the centralized authentication service.
This means that if you cannot use Auth0 at your organization, you can use the same design principles and design a JWT solution which delegates authentication to a centralized server behind the firewall.
We'll then cover how to perform UI-level role-based functionality in Angular using the Angular Router, along with a custom directive for hiding or showing certain parts of the UI depending on the role of the user. We'll learn why the Router can't enforce actual security.
We will also talk about server-side Authorization, and we'll implement a commonly needed security-related Admin-level feature: the Login As User service, which enables an admin to log in as any user, to investigate a problem report. We will see why we need to secure this operation!
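The JWT-based login, the reason a router guard cannot enforce real security, and the server-side authorization needed for the admin-only Login As User service, as one added TypeScript example (written for this page; it is not the course's or Auth0's code and uses no Auth0 package, only Node's crypto module). The backend signs an HS256 token, verifies signature and expiry on every request with the algorithm pinned, and re-checks the role claim before issuing an impersonation token; forgeRole shows what a client can do to its own token and why the backend rejects it. The secret, the claim names, the act audit claim and the function names are all assumptions.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Constructed demo secret; a real backend loads it from configuration, never from source.
const JWT_SECRET = "demo-only-secret-change-me";

interface Claims {
  sub: string;             // user id the token identifies
  role: "user" | "admin";  // used by the backend for authorization
  exp: number;             // expiry, seconds since the Unix epoch
  act?: string;            // hypothetical audit claim: the admin acting as "sub"
}

const encode = (obj: unknown): string =>
  Buffer.from(JSON.stringify(obj)).toString("base64url");

// Decode one base64url JSON segment; null if it is not valid JSON.
function decodeSegment(segment: string): any {
  try {
    return JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

function hmac(signingInput: string, secret: string): Buffer {
  return createHmac("sha256", secret).update(signingInput).digest();
}

// Issue an HS256 JWT: base64url(header).base64url(claims).base64url(HMAC).
function signJwt(claims: Claims, secret: string = JWT_SECRET): string {
  const header = encode({ alg: "HS256", typ: "JWT" });
  const payload = encode(claims);
  const signature = hmac(`${header}.${payload}`, secret).toString("base64url");
  return `${header}.${payload}.${signature}`;
}

// Verify signature and expiry; returns the claims or null. The algorithm is
// pinned to HS256 rather than trusted from the (unsigned) header.
function verifyJwt(token: string, now: number, secret: string = JWT_SECRET): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  const hdr = decodeSegment(header);
  if (!hdr || hdr.alg !== "HS256") return null;
  const expected = hmac(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, "base64url");
  if (expected.length !== given.length || !timingSafeEqual(expected, given)) return null;
  const claims = decodeSegment(payload);
  if (!claims || typeof claims.sub !== "string" || typeof claims.exp !== "number") return null;
  if (claims.exp <= now) return null;
  return claims as Claims;
}

// Server-side authorization for the admin-only Login As User service: the
// backend re-checks the caller's role from the verified token on every call,
// whatever the Angular router guard allowed in the UI. The short-lived token it
// issues records which admin is acting as the target user, for auditing.
function loginAsUser(callerToken: string, targetUserId: string, now: number): string | null {
  const caller = verifyJwt(callerToken, now);
  if (!caller || caller.role !== "admin") return null;
  return signJwt({ sub: targetUserId, role: "user", exp: now + 15 * 60, act: caller.sub });
}

// What a client can always do to its own copy of the token: rewrite the payload.
// Without the secret it cannot produce a matching signature, so the backend
// rejects it, which is exactly why UI-level guards alone are not security.
function forgeRole(token: string): string {
  const [header, payload, signature] = token.split(".");
  const claims = decodeSegment(payload);
  claims.role = "admin";
  return `${header}.${encode(claims)}.${signature}`;
}
```

Keeping the `role` decision in verifyJwt and loginAsUser on the server is the point: the Angular guard and directive only decide what to render, while the backend decides what is allowed.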
At the end of all these vulnerabilities and security fixes, we'll have a well-secured application and we will have learned a great deal of security-related concepts along the way, in a fun and practical manner!
What Will you Learn In this Course?
You will have learned these concepts in the context of an Angular/Node application, but they are applicable to any other technology stack. You will also have gained the practical experience of implementing them by defending an application against a series of security attacks, and you will have done so by actually performing many of the attacks yourself!
You will learn what built-in mechanisms Angular provides to defend against security problems, and which vulnerabilities it does NOT defend against and why.
You'll be familiar with best practices for password storage and custom authentication service design and implementation, you'll learn the fundamentals of cryptographic hashes, and you'll be acquainted with JWT and several commonly used open source Auth0 packages.
You will be familiar with the following security vulnerabilities: Dictionary attacks, identity token hijacking methods, the browser same-origin policy, how to combine cookies with JWTs and why, Cross-Site Request Forgery or CSRF, common design vulnerabilities, and more.
You will know common practical solutions for securing both public and enterprise web applications, such as how to use JWT to delegate authentication to a centralized service, which could be Auth0 or an in-house developed service that follows similar principles.
You will know how to implement UI-level authorization and use client-side constructs such as Router guards to enforce it, and even build your own authorization-related UI directives.
You will also learn about server-side authorization, and how to implement a commonly needed backend service that is only accessible to Admins – Login As User.
What Will You Be Able to do in the Conclusion Of This Program?
This course can help you take your development career to a more senior level, where knowledge of web application security is vital and a key distinguishing factor.
If you are an independent online business owner or thinking about starting your own platform, this course will cover most of what you need in practice to secure your online platform in a robust and effective way.
With this course, you will have the knowledge required for evaluating many third-party security-related solutions, and you will know where to look for vulnerabilities in your own application.
You will be able to understand most application-level vulnerability reports that come out of security audits done by third-party providers, and you will be able to understand and fix the most commonly reported issues.
Who this course is for:
- Angular Developers looking to learn in-depth Web Application Security in the specific context of an Angular Application
Created by Angular University
Last updated 3/2019
Size: 1.34 GB