Join Us For an Exclusive Workshop:
Web Security

with Mike North

September 12th, 2017 • 9:30am – 5:00pm CST

Attend Online

Live and Full HD


Attend In-Person

From: Downtown Minneapolis, MN


Here’s why you should join us!

By coding along with us in this workshop you’ll:

  • Get hands-on experience, both from the attacker and defender standpoint
  • Understand the latest threats and advances in web application security
  • Use penetration testing tools to detect vulnerabilities in a sample web application
  • See first-hand, just how much damage an attacker can do with an XSS vulnerability
  • Look at a man-in-the-middle attack, from the perspective of the attacker, the developer, and the victim.
  • And more…

Your Instructor

Mike North

Mike is a modern web consultant and Staff Engineer at LinkedIn, where he works with the Web Frameworks team to maintain the company’s tech stack. If you use emberjs, webpack, preact, angular-cli or a vast list of other projects, his thousands of open source contributions per year and paranoia about web security help keep you productive and safe.

Before joining LinkedIn, as CTO of Levanto Financial, systems he designed were trusted (and appropriately hardened) to hold the type of financial data hackers and identity thieves love to target. Before that, he was the UI Architect of Yahoo Ads & Data, where he was charged with maintaining the security and safety of the company’s next-generation ad platform, and the hundreds of millions of dollars that flow through it per year.

Interact With the Instructor

Online & In-Person

Get Your Questions Answered

Spend A Full Day Immersed With Mike North

Web Security

Security is an increasingly important part of building modern web applications, but it often falls victim to the pressure of tight deadlines. As attacks become more sophisticated, protecting our users becomes not just an ethical responsibility, but part of preserving a company’s reputation and trust.

In an effort to understand what we as developers are up against, we’ll get hands-on experience staging some attacks, and in doing so learn how we can fend off those who would do our users harm.

We’ll begin with a series of attacks that relate to a web application client, starting with Cross-Site Scripting (XSS) and malicious image/pdf attachments. We’ll get authenticated users to perform unwanted actions using a Cross-Site Request Forgery (CSRF) attack, and learn about defense strategies like CSRF tokens. We’ll even learn how to stage a Clickjacking attack and use hidden iframes to trick users into interacting with one application while they think they’re using another.

Next, we’ll turn our focus to our web application’s back end. We’ll use a SQL injection attack to expose private information from a database and learn how to sanitize user input properly to protect against this kind of thing. We’ll also attack the app’s authentication system itself, to try to determine which usernames correspond to registered accounts.

Finally, we’ll look at the network connection between our user and the web application back-end, and explore how a man-in-the-middle attack is staged. We’ll get some hands-on experience with modern browser security features like HSTS headers and Subresource Integrity — technologies that can protect users on a compromised WiFi network. 

Included with Frontend Masters Membership




How We'll Spend the Day

We've already held over 80 workshops with thousands of attendees in-person and online. In this time we've discovered ways to schedule the day so it goes smoothly and efficiently.

Regardless of whether you're in-person or participating with us online, you'll have the full ability to replay things you missed, get your questions answered LIVE and interact with the teacher throughout the day.

During the day, we'll cover in order:

  • 9:30am – Welcome
  • 10:00am – State of Web App Security
  • 10:30am – Categories of Attack
  • 11:00am – Protecting Developer Secrets
  • 11:15am – Cross-site Scripting (XSS)
  • 11:30am – Attack: Cross-site Scripting
  • 11:45am – Defend: Cross-site Scripting
  • 12:00pm – Cross-Site Request Forgery Attacks (CSRF)
  • 12:15pm – Attack: CSRF
  • 12:30pm – Defend: CSRF
  • 1:00pm – Lunch
  • 2:00pm – Clickjacking Attacks
  • 2:15pm – Attack: Clickjacking
  • 2:30pm – Defend: Clickjacking
  • 2:45pm – SQL Injection
  • 3:00pm – Attack: SQL Injection
  • 3:15pm – Defend: SQL Injection
  • 3:30pm – Timing Attacks
  • 3:45pm – Attack: Timing
  • 4:00pm – Defend: Timing
  • 4:15pm – Man-in-the-middle Attacks, HTTPS, and HSTS
  • 4:30pm – Subresource Integrity
  • 5:00pm – Wrap Up and Recap

*Note that this is a rough schedule of how each day typically breaks down, and that it will be adjusted as we go to make sure everyone can follow along.

The Price

The price for attending this full day workshop is simply the cost of becoming a monthly ($39) member. If you have already attended one, you know this is a tremendous value. If you haven’t, you may be wondering if it’s truly worth becoming a member.

Browse through just a few of the testimonials and you’ll see that people RAVE over these workshops. They’re unique and provide an experience and education you simply cannot find anywhere else.

You’re getting access to some of the brightest, most highly sought after experts in the world, covering topics very few people discuss in detail. Many attendees report learning more in this full day workshop than they did about a particular topic in the past 1-2 years combined.

Combine that with access to thousands of unique, high quality videos in our membership area with 500 hours of in-depth training from world renowned experts and you’ll see why this is a bargain.

  1. These workshops are different from any others you’ve attended. They cover everything, from the basics to advanced material. All of which are available for replay so you can go back and review as your skill grows.

  2. We get a lot of people saying they were scared to join… until it was over. Then they brag about how much of an amazing value they got for the price.

  3. You’re also getting videos of the workshop, plus ALL other workshops we’ve recorded, instantly!


Is This Workshop For Me?

This workshop is intended for web application developers who have an understanding of how a client and server interact with each other. If you know what HTTPS, DNS and SQL are, and have some hands-on experience with JavaScript, you should get a lot out of this!

You'll Either LOVE This Workshop Or You Don't Pay. Period.

Our attendees are ecstatic about the high-quality, relevant content they receive at these workshops.

We cover everything in explicit detail (and the things we miss are covered by answers to YOUR questions) from basic to advanced tactics you can start working with the very same day. We don't want you to miss out on this opportunity because you've been to less-than-stellar workshops in the past. We promise you, ours are very unique.

That's why if you attend the workshop and aren't absolutely thrilled with the content… if you don't think it's worth the admission price… We refuse to accept your money. We will more than gladly issue you a full refund, so you risk nothing.

We're very specific about what you're getting here and have run lots of workshops… so we almost never have requests for refunds (99.8% satisfaction rate).

MJG Workshop Center • 60 South Sixth Street, Suite 3625, Minneapolis, MN, 55402

What Past Attendees Are Saying

"Superb presentation from a genuine domain expert. I learned a ton today."

Steve Jakubowski

"Keep up the good work. I've attended a lot of online workshops, and they are very shallow and unpractical. Most of the time, online people are treated as second class, but still paying citizens. Here we get all the content and get to participate as well (if only there was a way to get those cookies...)."

Adrian Murillo

"The class was great. It was really cool to get a bunch of links to example code to look at during the presentation and after the class."

Nate Yourchuck

"Good location and facility. Great technology for capture, presentation layout and video streaming. Really excellent being able to view the videos afterwards. It takes away the sense of having to absorb everything immediately or else lose it into the ether. It was fun. What more can you ask for?"

Laurence Bates

"Really well run...loved the communication pre-event. Very impressed with everything...this was my first online conference purchase, but I would definitely consider doing it again."

Jeff Sims

"I really enjoyed the online workshop experience. It is much better than just watching videos. I was able to participate in the conversations and benefit from other folks' questions."

Dana Greenberg

"You guys did a really great job! I cannot say enough good things about the experience."

Richard Ranke

"Everything was first class: excellent instructor, material, video, moderator, audio. Thank you!"

Oscar Pagani

My name is Marc Grabanski, and I'm the founder of Frontend Masters. I guarantee this workshop will be awesome. Period.

If you don't think it's worth 10x the value, I'm happy to give you back every penny. That's my promise to you!

Marc Grabanski
Founder Frontend Masters