Workshop: Hack Yourself First: How to go on the Cyber-Offence
Cyber-attacks have become a reality of running software on the web today. We find ourselves under a constant barrage of malicious activity from hacktivists, online criminals and increasingly, nation states. Successful attacks from these adversaries are predominantly via flaws in the software products they target – flaws that could have been prevented by developers understanding how online attackers work and what the appropriate defensive measures are.
“Hack Yourself First” is all about building up defensive skills in developers. It looks at security from the attacker’s perspective and takes them through the steps necessary to exploit vulnerable software on the web so that they can experience hacking first hand. Workshop participants are set specific goals they must complete that involve probing for risks and then exploiting discrete vulnerabilities in a specially built vulnerable application. The interactive nature of the workshop means that multiple attack vectors are usually identified across the spectrum of participants and each person contributes their own unique perspective as to how specific risks are exploited.
The objective of the workshop is that each person walks away with demonstrated experience across a broad spectrum of specific risks. They not only learn about but also demonstrate practical experience across a range of different vulnerabilities targeted to the specific needs of the group.
1. SQL injection
2. Cross site scripting
3. Cross site request forgery
5. Session hijacking
6. Account enumeration
7. Transport layer security
8. API security
9. Mobile services integration
10. Brute force attacks
11. Password cracking
12. Parameter tampering
13. Attack automation
14. Dynamic analysis
- Software Developers
- System Administrators
This workshop is aimed at any software developer, system admin or tester who wants to get a better understanding of what is going on in cyberspace when it comes to hacking and cracking of systems. This workshop enables you to take a proactive approach and learn how hackers will try to break your system. This workshop will be an eye opener for most attendees and it is the starting point of becoming a better developer. It all starts with awareness and improving your own habits. So start hacking yourself first, to become a better developer!
Attendees will need to bring a computer with one of the following software options installed:
Charles Proxy: http://www.charlesproxy.com/download/
Burp Suite: https://portswigger.net/burp/communitydownload
If possible please also bring your smartphone.
About the instructors
Troy Hunt is an Australian Microsoft Most Valuable Professional for Developer Security and Author for Pluralsight — a leader in online training for technology and creative professionals. Troy has been building software for browsers since the very early days of the web and possesses an exceptional ability to distil complex subjects into relatable explanations. This has led Troy to become an industry thought leader in the security space and produce many top-rated courses for Pluralsight. Currently, Troy is heavily involved in Have I been pwned?, a free service that aggregates data breaches and helps people establish potential impacts from malicious web activity. As the author of the eBook and series “OWASP Top 10 for .NET Developers”, Troy blogs regularly about web security and is a frequent speaker at industry conferences and throughout the media to discuss a wide range of technologies. Aside from technology and security, Troy is an avid snowboarder, windsurfer, tennis player and regular motor sport participant.
Scott Helme is a hacker, researcher and builder of things. He founded securityheaders.com and report-uri.com. He's a Pluralsight author, BBC hacker in residence and award-winning entrepreneur.