Building secure applications requires more than just adding encryption. Key management, metadata protection, and traffic analysis defences are just some of the challenges you'll need to tackle. This workshop takes you from basic encryption to advanced protection mechanisms. You'll learn how to secure data both at rest and in transit, implement perfect forward secrecy, and handle secure device migration.

Through practical implementations and architectural deep-dives, you'll learn the patterns and practices that make applications truly secure. We'll focus on real-world security engineering, emphasising approaches that work at scale.

You'll learn:
- Basic end-to-end encryption setup
- Group encryption fundamentals
- Metadata protection techniques for data at rest
- Traffic analysis protection and metadata in transit
- Perfect forward secrecy and key rotation
- Secure device migration approaches
- Key management best practices

Through a combination of hands-on implementation and architectural theory, you'll end the workshop having built a working encrypted application and gained the knowledge to make informed security decisions in your own projects.

Prerequisites
Familiarity with JavaScript and basic API consumption. Experience building web applications is helpful but not required.

What to bring
You'll need a laptop with a modern web browser. The workshop is designed to run in a cloud environment using Gitpod, removing the need for local setup. However, if you prefer working locally, you can use any environment with Node.js 20 or later, a code editor (VS Code recommended), and Git installed.

Optional:
- Basic understanding of public key cryptography
- Experience with Next.js or similar full-stack frameworks