Secure Credential Handling

Insecure management of credentials is one of the most common causes of security incidents in modern applications. From weak passwords and unprotected API keys to hardcoded secrets — the attack surface is large.

Fortunately, there are proven practices and modern tools that enable secure handling of credentials. From WebAuthn and passkeys for users to TLS-based authentication for services — without complex OAuth flows or risky DIY JWT implementations.

This training provides hands-on approaches for secure credential management across all environments and shows how to handle and monitor authentication errors safely when they occur.

• Sign-in methods: from passwords and WebAuthn/passkeys to API authentication
• Why JWTs can be problematic and which alternatives make sense
• TLS-based authentication for standard services like MySQL and Redis
• Credential rotation, revocation, and certificate management
• Secure usage: environment variables, container secrets, and secrets managers
• Managing credentials consistently from dev to production
• Error handling and monitoring without logging sensitive data
• Least privilege and other authorization concepts

This training is aimed at developers, DevOps engineers, and security owners who want to implement secure authentication in their applications and manage credentials professionally.

We recommend basic knowledge of web development and working with APIs.

Experience with authentication methods and container technologies is helpful but not required.

• You'll know the different authentication methods and how to evaluate their suitability
• You'll understand the security aspects of various sign-in approaches
• You'll be able to establish credential-management processes in your organization
• You'll get hands-on experience with different approaches to secret management