Angular 7 Security Masterclass
- Just some previous knowledge of Angular and Typescript
The course is an Web Application Security Fundamentals Course, where the application will use the Angular/Node stack.
This course covers Angular 6 and all the server code is in Typescript, but the security concepts explained in it are applicable to other technology stacks.
This course uses the Typescript language, and includes an auxiliary Ebook – The Typescript Jumpstart Ebook
We will use several MIT licensed Angular and Node packages from Auth0 (that you could use in your application), and we will also include a demo of how to use Auth0 for doing Application User Management.
Its important to realize that this is NOT an Auth0 specific course. Auth0 will be the source of a couple of open source packages we will use, and will be doing a quick demo of it to show how JWT makes it simple to delegate authentication to a third-party system, which could be developed in-house as well.
Security – A Fundamental Step in a Software Development Career
Security is probably the number one advanced topic that Software Developers are expected to master when going forward in their software development careers.
Security knowledge is hard to come by but its essential for advancing to more senior software development positions, like for example Application Architect or similar.
Learning Web Security Fundamentals, knowing how to design an application for security, and knowing how to recognize and fix security issues is an essential skill for a senior developer.
But the problem is that security knowledge is orthogonal to most other topics and it typically takes years to learn.
The good news is that once you have it, Security knowledge has a much longer shelf live than most software development knowledge in general.
Most of the vulnerabilities and fixes that you will learn in this course were useful 10 years ago, and will (very likely) still be useful 10 years from now – Angular and Node are just an example of one stack, to make the course examples more practical.
Security is seen as something really hard to master – this is actually not the case! Application Security is much more approachable than you might think, depending on how you learn it.
What Is The Best Way To Learn Security in a Fun and Practical Way?
Here is what we will do: we are going to take the skeleton of a running application that has no security yet, and we are going to secure the application step-by-step.
Using a couple of MIT packages from Auth0 (that you would be able to use in any project), we are going to implement the Sign-Up and Login functionality from scratch, and because security cannot be enforced only at the client-side, we will implement both the frontend in Angular and the backend in Node.
As we secure the application, and we are going to periodically attack the application many times during the course, to prove that the vulnerabilities are real!!
By doing so, we will learn along the way the fundamentals of Authentication and Authorization, we will become familiar with common vulnerabilities like Dictionary Attacks, CSRF and others, and we will get familiar with commonly used cryptographic tools like Hashing, Salting, JWT, password storage recommendations and more.
Please don’t be intimidated by these concepts: The focus in this course will not be on the internals of each of the cryptographic tools that we will use, but instead on understanding on a high-level what problems do these tools solve, when to use each and why.
We will also learn how to design our application for security, and we will learn how in many situations application design is ou best defense.
We will start at the beginning: we will see the proper way of doing User Management and Sign Up: we will learn how to store passwords in a database, and we will introduce cryptographic hashes in an approachable way.
Once we have the Sign-Up functionality in place, we will implement Login and understand the need for a temporary identity token. Our first implementation will be stateful login, where the token is kept at the server level.
And at this point we could think we have authentication in place, but we decide to prepare our application for scalability, so we decide to try a JWT (JSON Web Tokens) based approach, because we know that this is what services like Firebase and Auth0 use.
We will use a couple of Auth0 packages to quickly refactor our Login to be JWT based, and learn the advantages of using JWT, and some potential disadvantages as well.
We will then see how its also possible to do Authentication using a third-party JWT-based service like Auth0, effectively removing all authentication logic from both our codebase and our database, and delegating it to a third-party service.
Note that this Auth0-specific part is only a small part of the course, and its main goal is to show how its possible at an enterprise level to delegate authentication to a centralized service, whithout having to introduce direct communication between applications and the centralized authentication service.
This means that if you can’t use Auth0 at your company, you can apply the same design principles and design a JWT-solution that delegates authentication to a centralized server behind the firewall.
We will then cover how to do UI-level role-based functionality in Angular using the Angular Router, and a custom directive for showing or hiding certain parts of the UI depending on the role of the user. We will learn why the Router cannot enforce actual security.
We will also talk about server-side Authorization, and we will implement a commonly needed security-related Admin Level functionality: The Login As User service, that allows an admin to login as any user, to investigate a problem report. We can see why we would need to secure this functionality!
At the end of all these vulnerabilities and security fixes, we will have a well secured application and we will have learned a ton of security-related concepts along the way in a fun and practical way!
What Will you Learn In this Course?
With this course, you will have a rock-solid foundation on Web Application Security Fundamentals, and you will have gained the practical experience of applying those concepts by defending an application from a series of security attacks. You will have done so by actually performing many of the attacks!
You will have learned these concepts in the context of an Angular/Node application, but these concepts are applicable to any other technology stack.
You will learn what built-in mechanisms does Angular provide to defend against security problems, and what vulnerabilities it does NOT defend against and why.
You will be familiar with best practices for password storage, custom authentication service design and implementation, you will know the essentials about cryptographic hashes, be familiar with JWT and several commonly used open source Auth0 packages.
You will be familiar with the following security vulnerabilities: Dictionary attacks, identity token highjacking techniques, the browser same-origin policy, how to combine cookies with JWTs and why, Cross–Site Request Forgery or CSRF, common design vulnerabilities, and more.
You will know common practical solutions for securing both enterprise and public internet applications, such as how to use JWT to delegate authentication to a centralized service, which could be Auth0 or a in-house developed service that follows similar principles.
You will know how to implement UI-level authorization and use client-side constructs like Router guards to implement it and even build your own authorization-related UI directives.
You will also learn about server side authorization, and how to implement a commonly needed backend service that is only accessible to Admins – Login As User.
What Will You Be Able to do at the End Of This Course?
This course could help you take your development career to a more senior level, where the knowledge about web application security is essential and a key differentiating factor.
If you are a private internet business owner or thinking of launching your own platform, this course will contain most of what you need in practice to secure your own online platform in a robust and effective way.
With this course, you will have the knowledge necessary for evaluating many third-party security-related solutions, and you will know where to look for vulnerabilities in your application.
You will be able to understand most application-level vulnerability reports that come out of security audits done by third party companies, and you will be able to understand and fix the most commonly reported problems.
Who this course is for:
- Angular Developers looking to learn in-depth Web Application Security in the specific context of an Angular Application
Created by Angular University
Last updated 3/2019
Size: 1.34 GB
|Category||Business & Management|
|Paper Type||Case Study Writing|
Our Online Writers
Check Our Live Stats
Frequently Asked Questions
Private and Confidential
Client’s all information is private and confidential; it is not shared with any other party. Even, we don’t ask client name and give user name to his/her profile. So, no one will know that you have taken help for your Academic paper from us.
We only accept PayPal as our payment method. It is 100% secure. As, We don’t take and store any Credit/Debit card information.
It is guaranteed all your Homework/Assignments Solutions are plagiarism free and original. Writers here charge for their efforts not for Copy/Paste work and TOS management takes strict action against those writers.
All the writers working here are recruited and chosen after taking strict evaluation of their Academic degrees, Experience and background. Then, they are allowed to work here as providing quality homework solution is our first priority.
24/7 online Writers
Our website is worldwide forum, where 100s of experts all over the world remain online round a clock, so, you can come at anytime and get the help from any of your homework. Even Urgent within 1 hour!
Prices at TutorsOnSpot.com
Prices at tutorsonspot.com are very competitive and low. As, tutorsonspot.com is marketplace so, all the writers bid for getting the work and competition among the writers lowers the price and you get your work done at low minimal prices.
- Our service provides you with original content that does not have plagiarism in it. We are renowned for providing our customers with customized content that is written specifically for them. If you are thinking, can someone help me with my research paper? You can depend on us to help you out.
- Our motto is to meet deadlines and deliver your solution right on time.We understand that you want to save your time and we respect it. Regardless of the difficulty, we deliver an unparalleled solution without any delay. Moreover, you get a money back guarantee in case you are not satisfied with our service. To understand this guarantee, check our terms and conditions related to it.
- We perform a detailed research when writing your paper. With all of our services, we ensure to perform extensive research before creating your solution. Furthermore, if you have any questions, just reach out to our customer service team that is available all the day.
- It is our primary goal to satisfy you. Thus, if you are thinking: can someone write my research paper? Just contact us and get the best services that you can get.
Homework Questions in Business & Management
- How to Sell Anything to Anyone Udemy Free Download
- Business Analysis Fundamentals Udemy Free Download
- Build Internet of Things with ESP8266 & MicroPython
- The Complete Guide to League of Legends
- 2020 Complete Guide to YouTube Channel & YouTube Masterclass
- The Complete Final Cut Pro X Video Editing Crash Course
- C# Basics for Beginners – Learn C# Fundamentals by Coding
- MERN Stack React Node Ecommerce from Scratch to Deployment
- Learn Illustrator CC: Create Simple Flat Vector Characters
- Learn Python With 20+ Real World Projects [In 2020]
- A Complete Guide on TensorFlow 2.0 using Keras API
- Instagram marketing 2020 hashtags live stories ads & more
- Fullstack GoLang React Insanity Volume 1
- Blockchain Web Development on Ethereum 
- Microsoft Excel: Data Analysis using Excel Pivot Tables
- The Last Amazon FBA Course – [ 2020 ] Private Label Guide
- Excel vba programming – the complete guide
- Blender character creator v2.0 for video games design
- The Complete React Native + Hooks Course [2020 Edition]
- [Udacity] Become a Sensor Fusion Engineer
- [PacktPub] Hands-On Machine Learning for .NET Developers
- [Frontend Masters] Angular 9 Fundamentals
- Technical Analysis MasterClass:Trading By Technical Analysis
- Transformational Leadership – Leadership Course & Training
Best Service for the Struggling Students
Services For All Subjects
We have experienced tutors and assignment experts from all over the world for all subjects.
24/7 Live Writers
100's of qualified phd tutors round the clock.
Best Price Guarantee
Compare our price. Our services are of highest quality and lowest price, Guaranteed.
Plagiarism Free Work
Safe Payment Options
Pay using paypal though verified gateway for maximum safety, No risk.
100% Privacy Guaranteed
Scan our work with all plagiarism checking tools, Result will always be 0%.