Philippe De Ryck

313 Followers
21 Following
26 Posts
I help developers protect companies through better web security
Website: https://pragmaticwebsecurity.com

I'm running another edition of my OAuth / OIDC masterclass this May.

Come learn everything you ever wanted to know about OAuth 2.0 and OpenID Connect best practices in four 3-hour sessions. This course guides you through the complexities of OAuth and OIDC, covering the latest best practices for browser-based apps, API security, and high-security OAuth configurations.

Take advantage of early bird and group (3+) discounts and secure your spot today! #appsec https://ti.to/pragmatic-web-security/oauth-security-may-2025-eur

Mastering OAuth 2.0 and OIDC Security (May 2025, EUR)

OAuth 2.0 and OpenID Connect have become cornerstone technologies for most modern applications. Unfortunately, these technologies are insanely complex to grasp, making it hard to use them securely. This workshop takes you on a step-by-step journey into the world of OAuth 2.0 and OpenID Connect. We start with understanding best practices for building secure applications with OAuth 2.0 and OIDC. Next, we will level up your OAuth 2.0 security using the latest state-of-the-art security mechanisms. During this two-day hands-on training, spread out over four half days, we'll explore a broad range of OAuth 2.0 and OIDC topics. The outline below illustrates what the workshop will look like.

Day 1
- Introduction to OAuth 2.0 and OpenID Connect
- Architecture patterns using OAuth 2.0 and OpenID Connect
- Best practices for securing OAuth 2.0 and OIDC flows
- Understanding OAuth 2.0 security in frontends
- Breaking OAuth 2.0 security in frontends
- Securing OAuth 2.0 with the Backend-For-Frontend pattern
- Securing APIs with OAuth 2.0
- Demos and practical examples throughout the day

Day 2
- Using scopes and permissions in OAuth 2.0
- Advanced use cases for OAuth 2.0 and OpenID Connect
- Handling delegation scenarios in modern architectures
- Security best practices for confidential OAuth 2.0 clients
- Reducing access token authority with Resource Indicators
- Using sender-constrained tokens with mTLS and DPoP
- Securing OAuth 2.0 flows with JAR and PAR
- Advanced attacks and defenses against OAuth 2.0 flows
- Demos and practical examples throughout the day

This workshop is here to give you the skills you need to design architectures using OAuth 2.0 and OpenID Connect, to assess the security of your applications, and to enhance them using the latest best practices. In-depth lectures, real-world demos, fun quizzes, and practical examples will guide you through the complex landscape of OAuth 2.0 and OpenID Connect. Ticket prices in EUR and event timing displayed for the Central European time zone.
This course page offers access to the same course with prices in USD.

This cheat sheet gives you an overview of current best practices for using OAuth 2.0. Grab a PDF copy here (https://buff.ly/4jCred1). If you want to learn more about these topics, this masterclass covers it all! https://buff.ly/3PnrZJ6 The early-bird rate has been extended for a few more days, so grab a ticket now!

I hope you enjoyed the EOY festivities, and wish you the best for 2025 🎉

I am kicking off 2025 with a new live interactive training on Mastering OAuth 2.0 and OpenID Connect. This course guides you through the complexities of OAuth and OIDC, covering the latest best practices for browser-based apps, API security, and high-security OAuth configurations.

Take advantage of early bird and group (3+) discounts and secure your spot today! All info available here: https://ti.to/pragmatic-web-security/oauth-security-feb-2025 #appsec

Mastering OAuth 2.0 and OIDC Security (February 2025)

OAuth 2.0 and OpenID Connect have become cornerstone technologies for most modern applications. Unfortunately, these technologies are insanely complex to grasp, making it hard to use them securely. This workshop takes you on a step-by-step journey into the world of OAuth 2.0 and OpenID Connect. We start with understanding best practices for building secure applications with OAuth 2.0 and OIDC. Next, we will level up your OAuth 2.0 security using the latest state-of-the-art security mechanisms. During this two-day hands-on training, spread out over four half days, we'll explore a broad range of OAuth 2.0 and OIDC topics. The outline below illustrates what the workshop will look like.

Day 1
- Introduction to OAuth 2.0 and OpenID Connect
- Architecture patterns using OAuth 2.0 and OpenID Connect
- Best practices for securing OAuth 2.0 and OIDC flows
- Understanding OAuth 2.0 security in frontends
- Breaking OAuth 2.0 security in frontends
- Securing OAuth 2.0 with the Backend-For-Frontend pattern
- Using scopes and permissions in OAuth 2.0
- Securing APIs with OAuth 2.0
- Demos and practical examples throughout the day

Day 2
- Advanced use cases for OAuth 2.0 and OpenID Connect
- Handling delegation scenarios in modern architectures
- Security best practices for confidential OAuth 2.0 clients
- Reducing access token authority with Resource Indicators
- Using sender-constrained tokens with mTLS and DPoP
- Securing OAuth 2.0 flows with JAR and PAR
- Advanced attacks and defenses against OAuth 2.0 flows
- Demos and practical examples throughout the day

This workshop is here to give you the skills you need to design architectures using OAuth 2.0 and OpenID Connect, to assess the security of your applications, and to enhance them using the latest best practices. In-depth lectures, real-world demos, fun quizzes, and practical examples will guide you through the complex landscape of OAuth 2.0 and OpenID Connect.


Last week, I taught two 2-day classes: one on frontend security, and one on API security. In my experience, teaching is always insanely intense and really requires an enormous amount of energy. Fortunately, the feedback definitely makes it worth it!

Now two weeks of doing my own research, along with some consulting assignments. And of course, prepping the menu and trying out some dishes for the holidays!

🚀 Excited to unveil our initial #SecAppDev 2024 lineup for topics on #appsec, #api #web #ai security and #crypto.

Previous attendees loved the depth of our content, networking opportunities, and the overall vibe. Get your ticket today & join SecAppDev 2024! https://buff.ly/2JbEioy

SecAppDev 2026

SecAppDev is an intensive one-week course in secure application development. In-depth lectures and hands-on workshops take you on a deep-dive in today's security best practices.


Today, I had the honor to be invited as a guest expert to speak at the EU Sign Stakeholders forum in Brussels. I talked about IAM challenges in cloud adoption efforts.

Not only did I have a great time, it was also a pleasure to speak with so many skilled professionals building the EU's digital systems.

Thanks for having me! #oauth #oidc #appsec #infosec

One week until #SecAppDev2023, and we're almost sold out! Just 8 spots left, so don't miss out! Amazing speakers, in-depth sessions, real-world tips – one of the best #appsec experiences out there. Register at https://secappdev.org. Hurry, secure your spot now! #Cybersecurity