c't < webdev >

Web Security Fundamentals
2025-11-18, Workshop 3

In this hands-on workshop, you'll learn the fundamentals of web security through real-world scenarios and current best practices. We’ll start with the OWASP Top 10 and take a deep dive into common vulnerabilities such as injection attacks (e.g., XSS, SQL Injection), Cross-Site Request Forgery (CSRF), authentication failures, and broken access control – with a special focus on the risks surrounding access tokens and OAuth.

Of course, it's not just about the attacks – we’ll place a strong emphasis on effective defense strategies:

  • Secure data handling through sanitization
  • Implementing a Content Security Policy
  • Secure cookie usage and proper attribute settings
  • Validating access tokens correctly

What makes this workshop special: you’ll immediately put your knowledge into action! Using hands-on examples in an Angular application, you'll get to try out and apply the concepts live.

This workshop is ideal for developers looking to better protect their applications against security vulnerabilities and provides a solid foundation for securing modern web applications.


Level: Beginner

Martina Kraus has been active in the world of web development since her early years and has gradually become an expert in web security. As a Security Engineer, she focuses on integrating security best practices into all phases of software development. In her role as a Google Developer Expert (GDE) in Angular, she enjoys sharing her knowledge of Angular security at both national and international conferences. She also regularly organizes ngGirls events (free Angular workshops for women) and is currently writing a book in German about authentication and authorization in web applications.
