Hack Yourself First with Scott Helme – GOTO Academy NL

Description

'Hack Yourself First' at a glance

Price: Contact us

Duration: 2 days, 09:00-17:00

Location & Delivery: GOTO Academy; course delivered in English

Interesting for: Software developers, security professionals, testers and technology management

About the trainer Scott Helme:

Scott Helme is a Security Researcher, international speaker, and trainer. He is also the founder of the popular securityheaders.com and report-uri.com, free tools to help you deploy better security!

Scott is an industry leader in many of the areas this Masterclass covers and knows the technology inside and out. He is also an increasingly public figure, often appearing on the BBC and other media programmes (his recent appearance on BBC Click, where they pulled OSINT data on audience members, was especially cool).

You can connect with Scott on Twitter.

We're excited to have Scott Helme in Amsterdam to deliver the "Hack Yourself First" masterclass that has been created by Troy Hunt and has been exceptionally well received around the world.

It is all about building up defensive skills in software developers. It looks at security from the attacker's perspective and takes participants through the steps necessary to exploit vulnerable software on the web so that they can experience hacking first hand. Workshop participants are set specific goals they must complete that involve probing for risks and then exploiting discrete vulnerabilities in a specially built vulnerable application. Because the workshop is interactive, multiple attack vectors are usually identified across the group, and each person contributes their own perspective on how specific risks are exploited.

The objective of the Masterclass is that each person walks away with demonstrated experience across a broad spectrum of specific risks. They not only learn about but also demonstrate practical experience across a range of different vulnerabilities targeted to the specific needs of the group.

What will the attendees learn?

Attendees are taught the mechanics of each of these risks and, of course, the defensive patterns required to defend against them. More than that, they are exposed to how to think about security: how to apply it in depth via multiple defences, how to choose appropriate controls based on the specific risk of the feature, and how to have the discussion about what makes sense in different circumstances.

Above all though, security is just one factor in delivering working software and it has to be applied appropriately. Sometimes it comes with a trade-off against usability or cost, and decisions have to be made about not just what is most secure, but what is in the overall best interests of the product being built. This workshop helps those who attend have the right discussions about when and where to invest in security.

Who is this Masterclass for?

The audience is a mixture of software developers, security professionals, testers, and technology management. Security training is frequently targeted at security professionals; it uses their language, their practices, and their tools. The Masterclass is developer-centric and focuses on presenting security in a way that resonates with this audience. We primarily use tools developers are already familiar with, such as the browser dev tools and HTTP proxies like Fiddler and Charles.

There is always a breadth of competency and experience, so the pace and the depth are tailored accordingly. Often this means a combination of one-on-one time with some participants whilst setting stretch goals for others. Ultimately, everyone gets the opportunity to be challenged whilst not being overwhelmed.

It's security, but it's for developers 

The training is platform agnostic; whether you're working in ASP.NET, PHP, Node, or anything else sending angle brackets over HTTP, the workshop modules are equally relevant. Where an organisation specialises in the Microsoft stack, we have the option to go deeper and look at discrete defences within technologies such as ASP.NET and SQL Server.

Frequently, attendees find serious risks in their own applications during the course of the Masterclass. Sometimes they find serious risks in other people's applications, which leads to firsthand exposure to the ethics of security. This class has resulted in disclosures such as missing transport layer encryption in the realestate.com.au app and, perhaps most notably, the complete lack of authorisation in Nissan's app controlling the LEAF electric vehicle. Serious security risks such as Nissan's are often only a couple of hours of training away from being discovered in many of today's online assets.

Agenda: Day 1

  •  Build fundamental security skills
    •  Introduction
    •  Discovering risks via the browser
    •  Using an HTTP proxy
    •  XSS
    •  SQL injection
    •  Mobile APIs
    •  CSRF
    •  Framework disclosure
    •  Session hijacking

Agenda: Day 2

  •  Delve deeper into online risks
    •  Password cracking
    •  Account enumeration
    •  FiddlerScript
    •  HTTPS
    •  Content Security Policy
    •  Subresource integrity
    •  Brute force attacks
    •  Automating attacks and review
Are there any prerequisites?

This is a participatory masterclass. You won't get to just sit there and watch: the more you participate in the Masterclass, the more you'll get out of it!
