Web Security Training

Navigating the web security landscape

Navigating the web security landscape

If you're visiting this page, you're likely looking for information on web security. Looking for help to build better and more secure applications, so that you can give your users the experience that they deserve. However, getting to that goal is not easy. Maybe this sounds familiar:

As a full-stack developer, I often have trouble keeping up-to-date with all of the new technologies that are available today. I know that security is important, but it's just another responsibility on my plate. I try to follow the guidelines of the OWASP top 10, but I don't know what to do first, and I don't know if it's enough. I'm afraid of the day that things take a turn for the worst ...

Do you recognize yourself in that?

Take a minute, and be honest to yourself.

  • Do you know whether the web applications you build are actually secure?
  • Are you struggling to keep track of emerging threats and security technologies?
  • Are you confused about which security technology you should implement first?

If you have answered yes to one or all of the questions above, don't worry, you're not alone. Numerous web developers, team leads and project managers around the world struggle with these issues every day. Can you blame them? The web platform evolves at a tremendous pace, and security is only a small aspect of a web developer's life. New threats emerge every day, and in the last 5 years alone, over a dozen new security technologies have been added to modern browsers.

Knowledge is your key to success

The web security landscape has become so vast and complex, that it has become unimaginable hard to focus on the right things at the right time. The most important aspect of successfully navigating this web security landscape is knowledge. Knowledge about threats, both old and new. Knowledge about available security technologies. And most importantly, knowledge about which threats and technologies are most relevant to you.

I am determined to help you get that knowledge, so that you can build the applications your users deserve. Since you're here, you are already convinced about the importance of web security, and excited about building secure applications. Read on below to learn about the different ways in which I can help you level up your security skills.

Hi, I'm Philippe De Ryck, and I'm here to teach you about web security.


The goal of my blog is to spread awareness about web security to as many people as possible. You can expect about two to three articles per month, all packed with a lot of knowledge. I also share slides (and video if available) of public presentations on my blog.

If you want to get a feel for what you can expect, check out the following links:

The easiest way to stay informed about my posts is to subscribe to the mailing list. You can also use your own notification mechanisms with these RSS or Atom feeds.


During my PhD, I was the lead author of an overview of the current web security landscape, titled Primer on Client-Side Web Security. The book was requested and published by Springer, and is available in numerous online bookstores.

In the primer, you can find different threat models, broken down into individual attackar capablities. In total, 13 attacks are fleshed out, and their respective countermeasures described. The book gives a good overview of the current state of practice, and the desired best practices.

Talks and Presentations

Another way I reach a lot of people is through speaking engagements. Chances are you ended up here because you attended one of my talks. I've talked about a variety of topics, at numerous national and international events.

The most popular topics of my recent speaking engagements are

  • Building secure single page applications, with frameworks such as AngularJS and EmberJS
  • How web security has evolved, and why traditional security technologies no longer suffice

More information about my speaking engagements, including a list op upcoming events, is available on my speaking page.


Since I am running the web security training program at imec-DistriNet, it should not be surprising to learn that organizing training courses takes up the most of my time. We organize both in-house trainings and subscription-based courses, covering a wide variety of web security topics.

Check out the training page for more information.