Skip to main content

Client-side Web Crypto

With the introduction of wide-ranging and impactful legislation and requirements for privacy and data security (like GDPR), a radical, yet powerful cryptography-based solution is gaining traction and relevance. The “Untrusted Server” model assumes the Web application backend will never have access to customers’ data in plaintext, thereby negating almost all impact of data breaches – as the server is unable decrypt users’ data, so is the attacker.


The purpose of this course is to introduce the “Untrusted Server” security model, its strengths and limitations, as well as proper security-oriented development procedures and to demonstrate practical security concerns in the process, e.g. threat modelling, host hardening, proxying, etc.


During the training, participants will start from a skeleton project and complete a fully-functional secure file sharing service in Node.js and will incrementally deploy different security mechanisms and protections.


Course agenda:

  • Client-side cryptography security model
  • “Case study” introduction
  • Workshop #1 – Implementing client-side crypto
  • Workshop #2 – Deploy behind reverse-proxy
  • Workshop #3 – Implement security mechanisms
  • Exercise – Optional features
  • Discussion – Future concerns


Ideal for: Senior full-stack developers, DevOps professionals, System administrators with serious programming knowledge.


Prerequisites: Strong Web and JavaScript knowledge; basic Node.js knowledge; basic Linux knowledge.

Participants should bring a laptop/notebook with a 64-bit OS and virtualization enabled (VT-x), as well as VirtualBox installation.


Certificate: Upon successful completion of the course, attendees will receive a certificate from ESI CEE.