Description
Angular Security Masterclass (with FREE eBook) is a foundation course in web application security in which the sample application uses the Angular/Node stack. All server code is in TypeScript, but the security concepts described are applicable to other technology stacks as well. The course includes a companion eBook, the Typescript Jumpstart eBook. We use several MIT-licensed Angular and Node packages from Auth0 (which you can use in your own application), and we provide a demo of how to use Auth0 for user management. It is important to note that this is not an Auth0-specific course: Auth0 is the source of several open source packages we will use, and we do a quick demo of them to show how JWT simplifies handing off authentication to a separate authentication service, whether a third party or one developed in-house.
Security – a fundamental skill in the software development profession
Security is probably the number one advanced topic that software developers need to master in their career. Security knowledge is hard to come by, but it is essential for moving up to senior positions such as application architect. Learning the basics of web security, knowing how to design a secure application, and knowing how to diagnose and fix security issues are essential skills for a senior developer. The problem is that security knowledge is orthogonal to many other topics and usually takes years to acquire. The good news is that security knowledge lasts much longer than software development knowledge in general: most of the vulnerabilities and fixes covered in this course were relevant 10 years ago and will very likely still be relevant 10 years from now. Angular and Node are just one example of a stack to which they apply. Mastering security is perceived as very difficult, but it isn't: depending on how you learn it, application security is much more accessible than you think.
What is the best way to learn security in a fun and practical way?
Here is what we will do: we take the skeleton of a running application that is not yet secure and secure it step by step. Using some MIT-licensed packages from Auth0 (which you can use in any project), we implement sign-up and login functionality from scratch. Since security cannot be enforced on the client side alone, we implement both the frontend in Angular and the backend in Node. As we secure the application, we periodically attack it throughout the course to prove that the vulnerabilities are real. Along the way we learn the basics of authentication and authorization, common vulnerabilities such as dictionary attacks and CSRF, and common cryptographic tools such as hashing, salting, JWT, and password storage recommendations. Do not be intimidated by these concepts: the focus of the course is not the internals of each cryptographic tool, but a thorough understanding of which problems these tools solve, which one to use, and why. You will also learn how application design is the best defense in many situations.
Course overview
We start from scratch: we see how to properly implement user management and sign-up, we learn how to store passwords in the database, and we introduce cryptographic hashes in an accessible way. Once sign-up works, we implement login and understand the need for a temporary identity token. Our first implementation is stateful: the session token is held at the server level. At this point we have authentication, but we decide to prepare the application for scalability, so we opt for a JWT (JSON Web Tokens) based approach, as used by services such as Firebase and Auth0. We use some Auth0 packages to quickly switch our login to JWT and learn the advantages of JWT as well as some of its possible disadvantages.

Then we see how authentication can be delegated to a third-party JWT-based service such as Auth0, which effectively removes all the authentication logic from our code base and database and moves it into an external service. Note that this Auth0 section is only a small part of the course; its main purpose is to show how authentication can be delegated to a central enterprise-level service without direct communication between the applications and the centralized authentication server at request time. This means that if you cannot use Auth0 in your organization, you can apply the same design principles and build a JWT solution that delegates authentication to a central server behind your firewall.

Next we explain how to implement role-based functionality at the UI level in Angular using the Angular Router and a custom directive to show or hide parts of the UI depending on the user's role. We learn why the Router cannot implement true security. We also cover server-side authorization and implement a commonly needed administrator-level feature: the "Login As User" service, which allows an administrator to log in as any user to troubleshoot an issue, and we understand why this feature itself needs to be secured.

At the end of all these vulnerabilities and fixes, we will have a well-secured application and will have learned a ton of security-related concepts in a fun and practical way!
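As an added illustration (this is not code from the course or its repository), the following TypeScript shows the point made above: an Angular route guard or a role directive only decides what the browser renders, so the authorization decision has to be repeated on the server against a verified token. The secret, claim names and role strings are assumptions for the example; the JWT is minted and verified with Node's built-in `crypto` module rather than a library.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

// Hypothetical signing secret for the example; a real deployment loads it from configuration.
const SECRET = "demo-secret-do-not-use-in-production";

// Assumed claim shape: subject, list of roles, expiry as a Unix timestamp.
type Claims = { sub: string; roles: string[]; exp: number };

function b64url(input: string): string {
  return Buffer.from(input, "utf8").toString("base64url");
}

// Mint an HS256 JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)
export function signJwt(claims: Claims, secret: string = SECRET): string {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify(claims));
  const sig = createHmac("sha256", secret).update(`${header}.${payload}`).digest("base64url");
  return `${header}.${payload}.${sig}`;
}

// Verify structure, algorithm, signature and expiry. Returns the claims or null.
export function verifyJwt(
  token: string,
  secret: string = SECRET,
  now: number = Math.floor(Date.now() / 1000)
): Claims | null {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;

  let hdr: { alg?: string };
  try {
    hdr = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  // Pin the algorithm: never let the token choose (rejects "none" and algorithm confusion).
  if (hdr.alg !== "HS256") return null;

  const expected = createHmac("sha256", secret).update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, "base64url");
  // Constant-time comparison; length check first because timingSafeEqual throws on mismatch.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

  let claims: Claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!Array.isArray(claims.roles) || typeof claims.exp !== "number" || claims.exp <= now) return null;
  return claims;
}

// The server-side check an Angular router guard cannot replace: 401 for no/invalid token,
// 403 for a valid token that lacks the role, 200 otherwise.
export function authorize(
  token: string | undefined,
  requiredRole: string,
  now?: number
): { status: number; user?: string } {
  if (!token) return { status: 401 };
  const claims = verifyJwt(token, SECRET, now);
  if (!claims) return { status: 401 };
  if (!claims.roles.includes(requiredRole)) return { status: 403 };
  return { status: 200, user: claims.sub };
}

// What a tampering client can do in the browser: rewrite the payload to claim an extra role.
// The UI would happily show the admin screens, but the signature no longer matches.
export function forgeRole(token: string, role: string): string {
  const [header, payload, sig] = token.split(".");
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8")) as Claims;
  claims.roles = [...claims.roles, role];
  return `${header}.${b64url(JSON.stringify(claims))}.${sig}`;
}
```

Calling `authorize(forgeRole(token, "admin"), "admin")` returns 401, which is the whole argument for server-side authorization: hiding a route or a button in Angular protects nothing that a user can reach by editing local storage or replaying a request.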
What will you learn in this course?
With this course you will gain a solid foundation in the fundamentals of web application security and hands-on experience applying these concepts by defending an application against a variety of attacks, which you will run yourself. You will learn these concepts in the context of an Angular/Node application, but they apply to any other technology stack. You will learn which built-in mechanisms Angular provides to defend against security issues, which vulnerabilities it does not defend against, and why. You will learn best practices for password storage, design and implement a custom authentication service, learn the basics of cryptographic hashes, and become familiar with JWT and several commonly used open source Auth0 packages. You will learn about the following vulnerabilities and mechanisms: dictionary attacks, identity token hijacking techniques, the browser's same-origin policy, how and why cookies are combined with JWTs, cross-site request forgery (CSRF), common design vulnerabilities, and more. You will learn common practical solutions for securing enterprise and public Internet applications, such as using JWT to delegate authentication to a central service, which can be Auth0 or an internally developed service that follows similar principles. You will learn how to implement authorization at the UI level using client-side constructs such as Router guards, and even create your own authorization-related UI directives. You will also learn about server-side authorization and how to implement a commonly needed feature that must be accessible only to administrators: Login As User.
What will you be able to do at the end of this course?
This course can help you take your development career to the next level, where knowledge of web application security is essential and a key differentiator. If you run your own online business or are thinking about starting your own platform, this course covers most of what you will need in practice to secure it robustly and effectively. With this course you will have the knowledge to evaluate many third-party security solutions and know where to look for vulnerabilities in your application. You will be able to understand most application-level vulnerability reports produced by third-party security audits, and to understand and fix the most commonly reported issues.
What you will learn in the course
- Code in a GitHub repository, with downloadable ZIP files in each section
- Get a solid foundation in web security fundamentals
- Try the attacks yourself to fully understand them
- Understand and defend an application against common security attacks such as dictionary attacks, cross-site request forgery, etc.
- Deep understanding of JWT, including multiple signature types
- Design and implement application authentication and authorization from scratch
- Learn how to add authentication to an Angular application using JWT (and traditional server sessions)
- Learn how to add Role-Based Access Control (RBAC) authorization to an Angular application
This course is suitable for
- Angular developers who want to delve deeper into web application security in the specific context of an Angular application
Details of Angular Security Masterclass Course (with FREE eBook)
- Publisher: Udemy
- Teacher: Angular University
- Training level: beginner to advanced
- Training duration: 7 hours and 51 minutes
- Number of lessons: 74
Course topics as of 10/2023
Angular Security Masterclass Prerequisites (with FREE eBook)
- Some prior knowledge of Angular and TypeScript