In the 1990s, the World Wide Web was just a collection of static pages with zero interactivity. Today the "new" web has a plethora of emerging frameworks and tools, simply increasing the number of threats. The complexity of software development has also grown with the need for things like single-sign-on support, LDAP integration, social identity providers, and SAML v2.0 authentication. Delegating the security logic to an external framework is the way to ensure some best practices. This technical tutorial guides the participants through all the common vulnerabilities and how to secure their applications in practice with Keycloak. The tutorial is meant for Java EE developers and has a really low learning curve.