ctrl-alt-Development

Your hotkey to alternative software development


07 Mar '14

Hack your own WebApp

I presented this workshop at the Joy of Coding 2014. Its purpose is to teach web developers how to use existing open source 'hacker' tools to test their web application for security problems. More than 50 people attended the workshop and it was regarded as one of the best of the conference.




Is your web application secure? How can you tell?

This workshop gives you an opportunity to experience your own web application from the Dark Side, from the perspective of a hacker. Forget about functional requirements; for these two hours we will be exploring ways to break and abuse your application.

We will be using the 2013 OWASP Top 10 as a guideline for finding vulnerabilities, along with a broad set of tools in a neatly prepared virtual machine, ready to be used.

You'll have fun tweaking HTTP requests, stealing session cookies and injecting all kinds of stuff into your web app. There will be some brute forcing and fuzzing as well :)

For those of you who cannot bring your own web application, we will provide one with plenty of holes.

Practical notes:

Please bring a laptop or pair with someone. Make sure you have VirtualBox (https://www.virtualbox.org/) installed. Make sure you can run your web-app locally.

Prerequisites: