SecAppDev 2020 Workshop Details

A builder's guide to API security

Philippe De Ryck
Wednesday March 11, 09:00 - 17:30

Most modern applications consist of a frontend web or mobile application, backed by several API-based services. This paradigm shift from server-side page generation causes a significant impact on various security aspects. To build secure applications, developers need to be aware of these security changes, along with current best practices. This one-day workshop offers a unique in-depth perspective on modern API security.

  • API authentication
  • Managing "sessions"
  • Securely handling JSON Web Tokens
  • Understanding and securing Cross-Origin Resource Sharing (CORS)
  • Custom-built offensive and defensive lab assignments
Learning goal

An in-depth perspective on the right approach for securing APIs.

Content level


Target audience

Anyone who is concerned about building secure APIs.


Experience with developing web-facing APIs.

Technical requirements

A laptop with a modern browser (e.g., Chrome, Firefox) installed.

Philippe De Ryck

Philippe De Ryck

Founder, Pragmatic Web Security

Philippe De Ryck helps developers protect companies through better web security. As the founder of Pragmatic Web Security, he travels the world to train developers on web security and security engineering. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. Google recognizes Philippe as a Google Developer Expert for his work on security in Angular applications.

Full speaker profile

Related web security sessions