In this workshop we will take a look at common security failings from a new perspective: that of the hacker. You'll be provided with a set of different sites, each exhibiting a different security flaw. The challenge will be to find and exploit it, and in doing so learn how to protect your own sites.

All the sites will be run locally inside Docker containers, so don't worry about breaking any laws! Obviously this means that you will need to bring a laptop which is capable of running Docker containers in order to participate in this workshop.

Comments

Thank you. Learned a lot today.

Most attenders are non-native English speakers.
Please talk more slowly and pronounce more clearly.
Also maybe put some more effort into having your final setup script + challenges tested by someone.

In my day to day work, like many devs, I am aware of security flaws and try to keep them in mind. However, with frameworks increasingly protecting us from making common mistakes, the mind grows lazy and it becomes easier to overlook potential attack vectors.

This hands-on workshop was a great and fun way to bring back security awareness to the foreground of one's mind. Though most developers do know about common vulnerabilities, how often do you actually probe a black box application for flaws and subsequently exploit them?

Content-wise I think the session was interesting and well-prepared. There were some minor glitches but this was to be expected considering it was the first run for this workshop. The challenges were challenging, diverse and the pace and timeline seemed to fit well.

I think that in a larger group, it may be feasible to try and reduce spoilers. Hearing people around you (understandably) happily exclaim 'oooh I think I found something in ' can sometimes give away the solution. Though honestly some collaboration is fun as well, so I'm not really sure how to circumvent this issue.

Environment-wise I think the air conditioning was a bit loud at times, making Chris a bit more difficult to hear at times.

All in all - would recommend :thumbsup: