Web Security Training
Navigating the web security landscape
As a full-stack developer, I often have trouble keeping up to date with all of the new technologies that are available today. I know that security is important, but it's just another responsibility on my plate. I try to follow the guidelines of the OWASP top 10, but I don't know what to do first, and I don't know if it's enough. I'm afraid of the day that things take a turn for the worse ...
Take a minute, and be honest with yourself.
If you have answered yes to one or all of the questions above, don't worry, you're not alone. Numerous web developers, team leads and project managers around the world struggle with these issues every day. Can you blame them? The web platform evolves at a tremendous pace, and security is only a small aspect of a web developer's life. New threats emerge every day, and in the last 5 years alone, over a dozen new security technologies have been added to modern browsers.
The web security landscape has become so vast and complex that it has become unimaginably hard to focus on the right things at the right time. The most important aspect of successfully navigating this web security landscape is knowledge. Knowledge about threats, both old and new. Knowledge about available security technologies. And most importantly, knowledge about which threats and technologies are most relevant to you.
I am determined to help you get that knowledge, so that you can build the applications your users deserve. Since you're here, you are already convinced about the importance of web security, and excited about building secure applications. Read on below to learn about the different ways in which I can help you level up your security skills.
Hi, I'm Philippe De Ryck, and I'm here to teach you about web security.
The goal of my blog is to spread awareness about web security to as many people as possible. You can expect about two to three articles per month, all packed with a lot of knowledge. I also share slides (and video if available) of public presentations on my blog.
If you want to get a feel for what you can expect, check out the following links:
Are the free SSL/TLS certificates from Let’s Encrypt any good? (Blog Post)
Securing Your AngularJS Application (Slide Deck)
A false sense of security by cheating with your security headers (Blog Post)
The easiest way to stay informed about my posts is to subscribe to the mailing list. You can also use your own notification mechanisms with these RSS or Atom feeds.
During my PhD, I was the lead author of an overview of the current web security landscape, titled Primer on Client-Side Web Security. The book was requested and published by Springer, and is available in numerous online bookstores.
In the primer, you can find different threat models, broken down into individual attacker capabilities. In total, 13 attacks are fleshed out, and their respective countermeasures described. The book gives a good overview of the current state of practice, and the desired best practices.
Another way I reach a lot of people is through speaking engagements. Chances are you ended up here because you attended one of my talks. I've talked about a variety of topics, at numerous national and international events.
The most popular topics of my recent speaking engagements are
More information about my speaking engagements, including a list of upcoming events, is available on my speaking page.
Since I am running the web security training program at imec-DistriNet, it should not be surprising to learn that organizing training courses takes up most of my time. We organize both in-house trainings and subscription-based courses, covering a wide variety of web security topics.
Check out the training page for more information.