Security is a tedious cat-and-mouse game that’s increasing in development speed and complexity every single day. Hackers’ game plan is to know more about certain edge cases and in-depth details of the technologies they’re attempting to compromise than the developers who initially built and currently maintain those technologies.

To truly understand and be competent in the security aspect of PHP development, we need to learn how to think like a hacker. Once you’ve exploited a simple SQL injection vulnerability for the first time, I can guarantee that you’ll never let one slip through a code review process again.

In this workshop, you’ll be working your way through exploiting a series of vulnerabilities present in a set of intentionally poorly crafted PHP applications. There are vulnerabilities of various difficulty levels, ranging from very simple, basic ones to more complicated multi-step ones that require a deeper understanding and a longer development background to be exploited successfully. This workshop includes an introductory part, after which we’ll focus on hands-on exploitation of the applications, either by ourselves or in small groups.

Learn hands-on how the most common mistakes that PHP developers make while developing web applications escalate into full-scale breaches and compromises. You’ll gain an in-depth understanding of these vulnerabilities, and will ultimately be much more capable of protecting your applications from being hacked in the future. Once you know the basics of hacking PHP applications, you’re much less likely to fall into these common security pitfalls in your future projects.

This workshop is intended to run either on a Linux machine (Kali, Arch, Ubuntu, Debian, or similar will do; it can be in a VM as well) or on a recent version of macOS. The workshop is intended for people who have previous professional PHP development experience, and preferably a basic understanding of the Linux OS, the command line, and TCP/IP networking basics.



Jos Elstgeest at 12:23 on 24 Jan 2020

Excellent workshop!
Gives a great insight into the mindset of creating a more secure application, by thinking as a pentester.
Nice examples, both for people who are already familiar with the topic as well as absolute beginners.

Thank you!!

Simon at 14:56 on 24 Jan 2020

Great workshop! The content of this workshop was exactly what I had in mind when choosing a workshop. Examples shown were easy to understand and very interesting. Thank you!

Jarno lasseel at 16:06 on 24 Jan 2020

Very good and clear workshop.
I left the room being a lot more "paranoid" about the security of what I do and of the users that indeed use what I build.

I liked how you showed a lot of examples and practical stuff, and it was a good pace to follow.
Also the technical stuff was very clear.
I would have liked to have more time with this topic and can relate to when you said it normally takes 1 day.

Overall very happy and a great trigger to work more around security on a daily basis.

Nice talk, right amount of in depth and good mix between theory and practice.

Daan at 18:51 on 25 Jan 2020

Informative and great examples. I liked the interaction between all attendees and the speaker as a group. Wish this workshop had more time at the conference, because I've learned a lot in the time we had.

Looking forward to your next workshop/talk!