Download Udemy – Angular Security Masterclass (with FREE E-Book) 2022-10

Angular Security Masterclass (with FREE E-Book)

Description

Angular Security Masterclass (with FREE E-Book) is a web application security fundamentals course in which the application uses the Angular/Node stack. All server code is in TypeScript, but the security concepts it covers apply to other technology stacks. The course includes a companion e-book, The Typescript Jumpstart Ebook. We'll use several MIT-licensed Angular and Node packages from Auth0 (which you can use in your own application), as well as a demo of how to use Auth0 for application user management. It is important to note that this is not an Auth0-specific course. Auth0 is the source of several open source packages we'll use, and we'll do a quick demo of it to show how JWT simplifies handing off authentication to a third-party system, which can also be developed in-house.

Security – a fundamental step in the software development profession

Security is probably the number one advanced topic that software developers are expected to master in their software development career. Security knowledge is hard to come by, but essential for advancement to senior software development positions, such as Application Architect or similar. Learning the basics of web security, knowing how to design an application for security, and knowing how to diagnose and fix security problems are essential skills for a senior developer. The problem is that security knowledge is orthogonal to many other subjects and usually takes years to learn. The good news is that once you have security knowledge, it lasts much longer than software development knowledge in general. Most of the vulnerabilities and fixes you'll learn about in this course were useful 10 years ago and (very likely) will still be useful 10 years from now. Angular and Node are just one example of a stack, used to make the examples in the course practical. Mastering security is perceived as something very difficult, but in fact it is not! Depending on how you learn it, application security is much more accessible than you think.

What is the best way to learn security in a fun and practical way?

Here's what we're going to do: we're going to take the skeleton of a running application that's not yet secure, and secure it step by step. Using some MIT-licensed packages from Auth0 (which you can use in any project), we will implement registration and login functionality from scratch, and since security cannot be applied only on the client side, we implement both the frontend in Angular and the backend in Node. As we secure the application, we are going to attack it several times during the course to prove that the vulnerabilities are real! Along the way we'll learn about the basics of authentication and authorization, learn about common vulnerabilities like dictionary attacks, CSRF, and more, and learn about common cryptographic tools like hashing, salting, JWT, password storage recommendations and more. Please don't be intimidated by these concepts: the focus of this course will not be on the internals of each of the cryptographic tools we'll use, but rather on a high-level understanding of what problems these tools solve, and when and why to use each. We'll also learn how to design your app for security, and learn how in many situations application design is the best defense.

Course overview

We start from the beginning: we see how to do user management and registration correctly, we learn how to store passwords in the database, and we introduce cryptographic hashes in an accessible way. Once we have the Sign-Up feature, we implement Login and understand the need for a temporary password. Our first implementation will be stateful, with the token held at the server level. At this point we might think that we have authentication in place, but we decide to prepare our application for scalability, so we try a JWT (JSON Web Tokens) based approach, because we know that this is what services like Firebase and Auth0 use. We'll use a few Auth0 packages to quickly change our login to be based on JWT, and learn the advantages of using JWT as well as some potential disadvantages. Then we'll see how authentication can be done using a third-party JWT-based service like Auth0, which effectively removes all the authentication logic from our codebase and database and moves it to a third-party service. Note that this Auth0 section is only a small part of the course, and its main purpose is to show how to delegate authentication to a centralized service at the enterprise level without the need for direct communication between applications and the centralized authentication service. This means that if you can't use Auth0 in your company, you can apply the same design principles and design a JWT solution that delegates authentication to a centralized server behind a firewall. Then we'll explain how to implement role-based functionality at the UI level in Angular using the Angular Router and a custom directive to show or hide certain parts of the UI depending on the user's role. We will learn why a router cannot implement real security.
We'll also talk about server-side authorization and implement a commonly needed security-related admin-level function: the Login As User service, which allows an administrator to log in as any user to check a reported problem. We can see why we need to secure this function! At the end of all these security vulnerabilities and fixes, we'll have a well-secured app, and we'll have learned tons of security-related concepts along the way in a fun and practical way!

What will you learn in this course?

With this course, you'll have a solid foundation in the fundamentals of web application security and gain hands-on experience applying these concepts by defending an application against a range of security attacks. You will have done so by performing many of the attacks yourself! You will learn these concepts in the context of an Angular/Node application, but the concepts are applicable to any other technology stack. You'll learn what built-in mechanisms Angular provides to defend against security issues, and what vulnerabilities it doesn't defend against and why. You'll learn best practices for password storage, design and implement a custom authentication service, learn the essentials of cryptographic hashes, and get familiar with JWT and several commonly used open source Auth0 packages. You'll learn about the following security topics: dictionary attacks, identity token hijacking techniques, the browser's same-origin policy, how and why to combine cookies with JWTs, cross-site request forgery (CSRF), common design vulnerabilities, and more. You'll know common practical solutions for securing corporate and public Internet applications, such as how to use JWT to delegate authentication to a centralized service, which could be Auth0 or an internally developed service that follows similar principles. You'll learn how to implement authorization at the UI level using client-side constructs like router guards, and even create your own authorization-related UI directives. You will also learn about server-side authorization and how to implement a commonly needed back-office service that is accessible only to administrators: Login As User.

What can you do at the end of this course?

This course can help you take your development career to the next level, where knowledge about web application security is essential and a key differentiator. If you own your own online business or are thinking of starting your own platform, this course covers most of what you need in practice to secure your online platform in a robust and effective way. With this course, you’ll have the knowledge to evaluate many third-party security solutions and know where to look for vulnerabilities in your application. You’ll be able to understand most application-level vulnerability reports that come from security audits performed by third-party companies, and you’ll be able to understand and fix the most common issues reported.

What you will learn in the course

  • Code in Github repository with downloadable ZIP files in each section

  • Get a solid foundation in web security fundamentals

  • Try the attacks yourself to fully understand them

  • Understanding and defending an application against common security attacks, such as dictionary attacks, cross-site request forgery, etc.

  • Deep understanding of JWT, including multiple signature types

  • Design and implement application authentication and authorization from scratch

  • Learn how to add authentication to an Angular application using JWT (and traditional server sessions).

  • Learn how to add RBAC (Role-Based Access Control) authorization to an Angular application

This course is suitable for

  • Angular developers looking to learn in-depth web application security in the specific context of an Angular application

Details of Angular Security Masterclass course (with FREE E-Book)

  • Publisher: Udemy
  • Instructor: Angular University
  • Training level: beginner to advanced
  • Training duration: 7 hours and 51 minutes
  • Number of lessons: 74

Course topics on 10/2023

Angular Security Masterclass course prerequisites (with FREE E-Book)

  • Just some previous knowledge of Angular and Typescript
