Develop secure Web applications

Proven 12-week program for software engineers

With just 2 hours a week learn all you need about full-stack Web security, implement a secure role-based enterprise-grade authorization and master OAuth/OIDC (and more!)

Get Started for FREE→
Hero
TrustScore 4.7 | EXCELLENT | READ MORE πŸ“ˆ

Trusted β™₯️ by developers at

By the end of this program, you will...

Have a complete understanding of the Web security model and fill all your knowledge gaps as a developer

Learn Web security vulnerabilities and implement industry-standard prevention methods

Know how to design & build an ultra-secure role-based access control system in a real-world, full-stack application

Master the complexity of OAuth/OIDC and be able to implement different flows securely for specific use cases

Why Developers Love Academy

🀩 You are a best fit if you are:
  • βœ… a full-stack developer (best match ⭐️),
  • βœ… a frontend developer concerned about application security (yes, it really matters),
  • βœ… a backend developer interested in secure coding practices (from the inside out),
  • βœ… an application security engineer seeking to deepen practical application knowledge,
  • βœ… a system administrator interested in understanding web security from a coding angle.
😒 You may not be a good fit if you are:
  • ❌ completely unfamiliar with JavaScript / HTML,
  • ❌ looking for basic IT or computer science fundamentals,
  • ❌ primarily focused on non-web IT security (e.g., network security, IT auditing),
  • ❌ a complete beginner in programming without any background in web technologies,
  • ❌ seeking a course on user interface design or user experience principles.
The program is for you if you want to:
  • engineer ultra-secure Web applications,
  • understand the model of security in Web applications,
  • be aware of potential risks once the application is live,
  • stop blindly relying on frameworks in the hope of security,
  • see the full perspective of frontend and backend security,
  • integrate security testing into your development workflow,
  • learn tons of valuable tips & tricks improving the security,
  • join the World-wide community of like-minded developers.
We use Angular & Node (with TypeScript) for the main project implementation, but the underlying concepts are applicable to any web stack. The first 5 modules are technology agnostic - you have time to catch up!

Practical project with real-world features

You'll learn theoretical knowledge and use it to practically secure a real-life personal money tracker application. This project is composed of five key modules β€” Auth, Dashboard, Expenses, Settings, and Admin β€” each designed to challenge and enhance your Web security skills. You'll learn role-based access control (RBAC) to manage different user permissions effectively and implement cutting-edge security mechanisms across both frontend and backend systems.

Auth module

  • Login, signup, password recovery
  • Auth

Dashboard

  • Read budgets and account summary
  • Auth

Expenses

  • Manage account's expenses
  • Auth

Settings

  • Manage account's users and categories
  • Auth

Admin module

  • Manage active sessions of logged users
  • Auth

Agenda - watch demos πŸ“Ί

The big plan

  • Welcome lesson
  • The big goal
  • Structure and topics WATCH NOW
  • What you need
  • Training outcomes
  • Your first task πŸš€

Web Security model

  • Same-origin policy
  • Cross-origin resource sharing
  • Content Security Policy
  • Reporting in Content Security Policy
  • Hashes and nonces
  • Subresource integrity
  • Assignment βš™

Client vs. server security

  • Client-side security
  • Server-side security
  • HTTPS Communication
  • Tokens vs. sessions
  • When to use tokens
  • When to use sessions
  • Assignment βš™

Security vulnerabilities

  • OWASP Top 10 WATCH NOW
  • Cross-site scripting
  • Cross-site request forgery
  • JWT Hacking WATCH NOW
  • Other web applications attacks
  • Assignment βš™

Application architecture

  • Role-based access control design
  • Application architecure
  • Authentication vs. authorization
  • Secured frontend parts
  • Secured API
  • Backend application setup
  • Assignment βš™

Core features implementation

  • Login feature in frontend
  • Login feature in backend
  • Sign up feature in frontend
  • Sign up feature in backend WATCH NOW
  • Router Guards
  • Http Interceptors
  • Assignment βš™

Client security implementation

  • Content Security Policy
  • XSS prevention
  • CSRF prevention
  • HttpOnly and Secure Cookies
  • UserAuth object
  • Conditional components visibility
  • Coding task πŸ”§

API security implementation

  • Working with sever-side session
  • Logging access and application events
  • Throttling failed logins
  • Input sanitization and validation
  • Two vectors of authorization
  • Preventing unauthorized requests
  • Setting up CORS
  • Coding task πŸ”§

Roles and account management

  • Adding a new user to an account
  • Confirming a new user for an account
  • Password recovery
  • Managing active sessions
  • Removing logged users

External authentication

  • Main players in OAuth 2.0
  • Understanding different OAuth flows
  • Security measures in OAuth 2.0
  • Authorization Code Flow + PKCE
  • Id Token vs. Access Token
  • Using OpenID Connect (OIDC)
  • Coding task πŸ”§

Two-factor authentication

  • Multi-factor authentication mechanics
  • Two-factor authentication with Google Authenticator WATCH NOW
  • Requesting one-time password (OTP)
  • Validating one-time password (OTP)
  • Setting up 2FA

External user management

  • Federated identity management (FIM)
  • Single sign-on (SSO)
  • FIM providers comparison
  • IDaaS - Identity as a Service
  • Auth features externalization
  • Implementing Auth0 integration
  • Coding task πŸ”§
Each video with English subtitles

Growing list of bonuses 🀩

Firebase security

Created by Fireship.io πŸ”₯
  • Firestore rules basics
  • Logic organization with custom functions
  • Common examples: role-based auth, access-control list, rate-limiting
  • Unit testing rules locally

Security testing

Created with Snyk.io 🐢
  • Introduction to DevSecOps (shift left)
  • Software Composition Analysis
  • Static Application Security Testing
  • Automatic discovery of SQL injections, XSS, and more security risks in code

Penetration testing

Act like a hacker πŸ‘Ύ
  • Introduction to penetration testing
  • Using Burp Suite tools
  • Looking for security issues
  • Using repeater, intruder, decoder, sequencer
  • Further investigation

WebSockets security πŸ”Œ

  • Same origin Policy
  • Bypassing authorization
  • Tunneling
  • Encryption
  • DoS Attacks

To be announced

Coming soon! βŒ›
  • Your topic may be here!
  • To be decided based on needs
  • Free of charge for current students

Guest Mentors

Randall Deggs
Randall Deggs
Snyk.io Head of DevRel
Podcast Episode 1 Guest
Marek Ε ottl
Marek Ε ottl
Cloud Security Expert
Podcast Episode 7 Guest
Marek Ε ottl
Mathias Conradt
OWASP member
Coming soon!
TBA
Coming soon!
TBA
Coming soon!
TBA

Time commitment ⏰

Each week's materials consist of 1-2 hours of video materials (that are extremely optimized and condensed, no B.S.)

After each module, you have the assignment to practice what you learned - depending on your pace it may take 2-3 hours

Each week (check the schedule) you are invited to join an (optional) live Q&A session to answer your questions

You can always ask questions under the videos in the comments section or get support via the Discord community

Schedule @ 2024

Modules are pre-recorded and released weekly. After the program, you gain lifetime access to them. LIVE sessions are planned for Thursdays at 7 PM CEST, 1 PM EDT, and 10 AM PDT.

Monday
3
Module 1 published
Tuesday
4
LIVE 1 πŸ”΄
FREE WEBINAR
Wednesday
5
Time to study
Thursday
6
Time to study
Friday
7
Module 2 published
Saturday
8
Time to study
Sunday
9
Time to study
Monday
10
Time to study
Wednesday
12
Time to study
Tuesday
11
Registration closes ❌
Thursday
13
LIVE 2 πŸ”΄ Q&A
Friday
14
Module 3
published
Saturday
15
Time to study
Sunday
16
Time to study
Monday
17
Time to study
Tuesday
18
Time to study
Wednesday
19
Time to study
Thursday
20
LIVE 3 πŸ”΄ Q&A
Friday
21
Module 4
published
Saturday
22
Time to study
Sunday
23
Time to study
Monday
24
Time to study
Tuesday
25
Time to study
Wednesday
26
Time to study
Thursday
27
LIVE 4 πŸ”΄ Q&A
Friday
28
Module 5
published
Saturday
29
Time to study
Sunday
30
Time to study
June 2024
Monday
1
Time to study
Tuesday
2
Time to study
Wednesday
3
Time to study
Thursday
4
LIVE 5 πŸ”΄ Q&A
Friday
5
Module 6 published
Saturday
6
Time to study
Sunday
7
Time to study
Monday
8
Time to study
Tuesday
9
Time to study
Wednesday
10
Time to study
Thursday
11
LIVE 6 πŸ”΄ Q&A
Friday
12
Module 7 released
Saturday
13
Time to study
Sunday
14
Time to study
Monday
15
Time to study
Tuesday
16
Time to study
Wednesday
17
Time to study
Thursday
18
LIVE 7 πŸ”΄ Q&A
Friday
19
Module 8 released
Saturday
20
Time to study
Sunday
21
Time to study
Monday
22
Time to study
Tuesday
23
Time to study
Wednesday
24
Time to study
Thursday
25
LIVE 8 πŸ”΄ Q&A
Friday
26
Module 9 released
Saturday
27
Time to study
Sunday
28
Time to study
July 2024
Monday
July
29
Time to study
Tuesday
July
30
Time to study
Wednesday
July
31
Time to study
Thursday
1
LIVE 9 πŸ”΄ Q&A
Friday
2
Module 10 published
Saturday
3
Time to study
Sunday
4
Time to study
Monday
5
Time to study
Tuesday
6
Time to study
Wednesday
7
Time to study
Thursday
8
LIVE 10 πŸ”΄ Q&A
Friday
9
Module 11 published
Saturday
10
Time to study
Sunday
11
August
Time to study
Monday
12
Time to study
Tuesday
13
Time to study
Wednesday
14
Time to study
Thursday
15
LIVE 11 πŸ”΄ Q&A
Friday
16
Module 12 published
Saturday
17
Time to study
Sunday
18
Time to study
Monday
19
Time to study
Tuesday
20
Time to study
Wednesday
21
Time to study
Thursday
22
LIVE 12 πŸ”΄ Q&A
Friday
23
You're Web Security Master
Saturday
24
The end πŸŽ‰
Sunday
25
The end πŸŽ‰
August 2024
You can learn solo - LIVES are optional, but very helpful πŸ”₯ as these topics are complex!

What is included in the Academy

12-week learning program in the form of on-demand video lessons + ALL bonus modules

Practical coding assignments to fortify the skills (clone the repo!)

12 weeks of premium support to solve coding and design challenges

Access to the fruitful Discord community of devs learning together & discussing unique cases

English captions for every video lesson (watch without sound)

Certificate of graduation with your name on it (add it to your resume!)

14-day money-back satisfaction guarantee (100% risk-free)

Life-time access to the program (with all future updates) πŸ”₯

Don't Miss Our Next Cohort

Join the waiting list to be notified about the launch and get some awesome bonuses! 😍

Secure your spot now!

Sign up and I'll share exclusive security insights and quick-win tips to safeguard your web applications!

What others say

 
Our amazing students ❀
Worldwide
 
Yalon K.
Web developer, Israel
 
Ioannis K.
Web developer, Greece
 
Claudiu O.
Web developer, Romania

Bartosz's experience is demonstrated in the Web Security program. I was pleased to go over the first few lessons and learn the theory behind Web Security. All the concepts learned were later put into practice with his great Angular application backed by a Node.js service. Although I'm a Spring Boot developer, I was able to apply all the principles and concepts of Web Security in my applications. Also, the live sessions are essential in this program to ask and respond questions and build a great community. The program is updated regularly with new modules, I can't wait for the Firebase Security one! Keep up the great work!

Ruben O.
Full-stack Web Developer, Canada

Finding a complete and up to date Web security content is hard and time consuming, especially as a whole. With Web Security Academy, I found out a great opportunity to learn about security in depth both on client and server sides. The program's material isn't just a simple support to learn but provides good practices of a real world application. Bartosz is a great teacher and meetings with him and other students is part of the program, giving you the support from a whole community.

GΓ©rΓ΄me G.
Web developer, France

This program will give you a fresh perspective in security for the web, regardless if you've been in dev for years or are a new programmer. Bartosz builds lessons from upcoming web security standards making the curriculum up-to-date, contrasting what others might find on a bookshelf. I guarantee you'll find value in this program.

Peter M.
Founder at Geogram, USA

I am very skeptical about online courses or courses in general. However, I have seen Bartosz on YouTube in some videos and decided to join the program because I was excited by the way it was structured. There were many topics I was already experienced in but I must say that I still learned a lot. Especially the Online Meetings and the knowledge exchange was a real added value and I would recommend this program to anyone. The content did not disappoint me and I learned exactly the things I needed to develop in this area. Good Job Bartosz!

David K.
Software engineer, Germany

I am really impressed with the quality of the materials in the Academy. The content is designed in easy to consume fashion and focuses on important aspects. Also, it is very valuable to learn together with other developers over an extended period of time. I really recommend this kind of online training.

Alex G.
Developer and author, Spain

The program is really well built. It first guides you through the ways a SPA can be vulnerable and the ways those vulnerabilities can be fixed, then it teaches you how to implement those protection mechanisms with Angular, without getting stuck on general development questions too much. It also shows the backend parts of those protection mechanisms. After completing the program I feel confident that I can protect the webapps I develop.

Alex B.
Web Developer, Hungary

If you are looking for a training to take you from just a front-end developer to a full-stack Angular/Node.js, then this is it. I have been an Angular contractor for a couple of years now and still learned some valuable tips for the front-end but the back-end has been invaluable to me for understanding how to build a highly secure full-stack application. The teacher is always there to help and really does care about you achieving the best from the program. He takes time to explain concepts in excellent weekly meetings where you will meet a great bunch of developers from all around the world and bounce new ideas off each other. Far better than the other Angular security courses I have taken in the past.

Rich W.
Developer, UK

WebSecurity Academy is a great place to learn new skills or increase your current. The instructor is very kind and has a goal that you understand all the content, so there's a Community (Slack) that you'll be a part of so you can ask questions (or help answer them), talk personally with the instructor, and get to know the other students. One thing I really like about this program is that it's paced over a certain amount of time. You won't be overwhelmed with On-Demand videos, although later you'll have on-demand access forever, which also nice! Overall, I give this 5 out of 5 stars!

Kenny H.
Full-stack developer, USA

Bartosz brings in-depth knowledge and experience in Angular enterprise development. He gives tremendous value to the Angular community.

Brad Green
Engineering Director for Angular in Google

Bartosz's Angular training was probably the best I've attended so far. He always tried to explain everything in the way when both novice and experienced developer could understand it, but at the same time he spent not too much time on simple things - probably that balance was the most important personally for me.

Pavlo Baukov
Java developer

Bartosz is a able to conduct trainings with a great professionalism. I've attended his training on Angular and found it very useful, as Bartosz in a limited time frame provided both theoretical knowledge and practical exercises and eventually helped me to delve into front end web development.

Anton Danylov
.NET Team Lead

Recently I've participated in a training conducted by Bartek. I would say he is a very talented trainer with individual approach to every student.

Andrii Tkach
Senior .NET developer at Luxoft

I've attended Bartosz's training for Angular 2 and want to say, that it is one of the best trainings I've visited. Bartosz kept us all the time focused on tha task and everybody was involved in the process. Four days past like a minute and I had a feeling, that I want to stay and continue learning. And at the same time we were able to cover a lot of topics and Bartosz gave us a direction for further learning.

Oleksandr Vorovchenko
Senior Frontend Developer

I had a true pleasure to attend a training led by Bartosz. Right away I was positively surprised with the level and attitude. Bartosz not only knows by heart the stuff he teaches, but really likes what he does. He was keen to answer all questions and also helped with practical excercies. He had everything under control. The ratio between theory and practical tasks was just right.

Jakub Niemyjski
Senior .Net Developer

Risk-free guarantee

The materials are designed to give you 10x more value than you expect. But, if for whatever reason you will not be satified, then you can write an email within 14 days since your purchase to bartosz[at]dev-academy.com and I will give you money back.

My goal is to help you and give as much value as possible.

Frequently Asked Questions

How long do I have my membership in the program?

You receive a life-time membership in the program. It also means that if the program is extended with the new modules in the future, you will have the access to it, without any additional costs.

Do you provide any guarantee?

Yes, I do. Academy offers 14 days money-back guarantee. If you don't find the program fitting your needs after 14 days of your purchase, you can ask for the refund - you just send an email to bartosz[at]websecurity-academy.com and you will receive your money back.

I don't have time to take such a comprehensive program. Is it for me?

In order to take advantage of the program you have to invest at least 1-2 hours a week. The materials are going to be concise and concrete to maximize the learning and minimize the time needed for it.

Will I receive a bill or invoice for later reimbursement by my company?

Yes, you will receive it for later reimbursement, but you need to provide VAT ID in the checkout (before the payment) to have VAT ID on the invoice.

Is it all Angular and Node specific?

No! Indeed, the main project's implementation is based on Angular and Node.js (with TypeScript), but underlying concepts are applicable to any stack (React, Vue, Java, .net, Python, etc.).

Do you add taxes to the purchase?

The payment system automatically verifies if taxes (like VAT) are applicable depending on your location and legal status. If applicable, the relevant taxes will be automatically included in your payment (without increasing the price). If you provide your VAT ID the taxes usually disappear.

Certificate of graduation πŸ†

  • Get your PDF shareable and printable certificate πŸ‘¨β€πŸ«
  • Show your success on social media πŸ—ΊοΈ
  • Print it and put on the wall πŸ–¨οΈ
  • Ask the team to prove your skills on LinkedIn! πŸ’ͺ

Your teacher

  • Taught hundreds of developers around the World
  • Holds a Master's degree in Computer Science
  • Spoke at conferences like AngularUP, ngVikings, NG-Colombia, JSConf.be, HolyJS and more
  • Worked at companies like Credit Suisse, UBS, F-Secure, Tecnotree building enterprise software
  • Writes technical articles about full-stack Angular development
Bartosz Pietrucha

Bartosz Pietrucha

Academy Founder
Supported by mentors in our Discord community

Is there another way?

Of course! You can be learning on your own, googling, writing questions on StackOverflow, etc. But it takes a lot of time...

What I am offering you is a MASSIVE shortcut in a supportive learning enviroment. Take a look at what Ales said. πŸ‘¨β€πŸŽ“

Join our global community! 🌐