While secure development practices are an important part of keeping your application and its data protected, you also have to prove your defenses are working. Developers are used to things like unit testing and even functional testing, but some feel out of their depth when it comes to security testing. Effective security testing, or pentesting, is easier than you might think.

We’ll start by introducing some of the techniques and tools you can use to test your own applications and finish with a contest to see how much you’ve learned.

Comments

Eric Poe at 11:34 on 19 Apr 2018

This hands-on approach to teaching how to prevent security vulnerabilities made understanding those vulnerabilities easier to understand.

Darren Wright at 11:42 on 19 Apr 2018

Really enjoyed the content and the hands-on interaction was invaluable and eye-opening to understanding pentesting processes.

I had a lot of fun in Chris' session. The material was amazing, the challenges were fun and easy to follow. Looking forward to the extra challenge!

There was some good information here, but honestly I was expecting a _tutorial_, not just a series of challenges. This was more like where the cartoon dad says "you can die in water. Your life may depend on learning to swim" and you understand and then he just throws you into the pool and says "ok, now swim!". I tried participating at first, but it quickly became apparent that this was not a tutorial session so much as a "fun session" for developers already familiar to some extent with pentesting. I've seen Chris speak previously and was blown away with his presentation so maybe my hopes were set too high, but this one was disappointingly disorganized and underdeveloped.

Chris Cornutt (Speaker) at 16:44 on 19 Apr 2018

@max Thanks for the honest feedback - I appreciate it. If I give this one again in the future I may try to tweak the abstract to give a better idea of what it'll be like. Maybe a better mix of basic concepts and challenges rather than the current challenge-heavy split could help with this.

John Congdon at 11:22 on 20 Apr 2018

The challenges are fun and interesting to learn the techniques that are used to break into a site.

Jared Cobb at 14:22 on 20 Apr 2018

I appreciate when conferences have a MIX of intro, intermediate, and advanced talks. I'd say this was intermediate level and I followed along just fine.

Chris, I wouldn't water the talk down too much if I were you. Rather, just mention in the abstract that attendees should be familiar with the basics (which I think you actually did on your blog).

Great session!