Hack this workshop!

Christopher Riley (07.Jun.2018 at 09:30, 3 hr )
Workshop at Dutch PHP Conference 2018 (English - US)

Rating: 4 of 5

In this workshop we will take a look at common security failings from a new perspective: that of the hacker. You'll be provided with a set of different sites each exhibiting a different security flaw, the challenge will be to find and exploit it and in doing so learn how to protect your own sites.

All the sites will be run locally inside docker containers so don't worry about breaking any laws! Obviously this means that you will need to bring a laptop which is capable of running docker containers in order to participate in this workshop.

Who are you?

Claim talk

Talk claims have been moved to the new Joind.in site.

Please login to the new site to claim your talk

Want to comment on this talk? Log in or create a new account or comment anonymously

Write a comment

 
Please note: you are not logged in and will be posting anonymously!
= six minus one

Comments

Rating: 4 of 5

07.Jun.2018 at 12:42 by Jeroen Vermeulen (17 comments) via Web2 LIVE

Thank you. Learned a lot today.

Most attenders are non-native English speakers.
Please talk slower and pronounce clearer.
Also maybe put some more effort in having your final setup script + challanges tested by someone.

Rating: 4 of 5

07.Jun.2018 at 13:13 by Choong Wei Tjeng (10 comments) via Web2 LIVE

In my day to day work, like many devs, I am aware of security flaws and try to keep them in mind. However, with frameworks increasingly protecting us from making common mistakes, the mind grows lazy and it becomes easier to overlook potential attack vectors.

This hands-on workshop was a great and fun way to bring back security awareness to the foreground of one's mind. Though most developers do know about common vulnerabilities, how often do you actually probe a black box application for flaws and subsequently exploit them?

Content-wise I think the session was interesting and well-prepared. There were some minor glitches but this was to be expected considering it was the first run for this workshop. The challenges were challenging, diverse and the pace and timeline seemed to fit well.

I think that in a larger group, it may be feasible to try and reduce spoilers. Hearing people around you (understandably) happily exclaim 'oooh I think I found something in ' can sometimes give away the solution. Though honestly some collaboration is fun as well, so I'm not really sure how to circumvent this issue.

Environment-wise I think the air conditioning was a bit loud at times, making Chris a bit more difficult to hear at times.

All in all - would recommend :thumbsup:

© Joind.in 2018