February 19, 2016
Recently, Brains & Beards helped organise a web application security workshop for aspiring software craftsmen from the Barcelona chapter. And it went great.
I think the reason for the success was what we focus on in the materials we provide. We think the learnings and challenges that we set during such a training should be:
How do we achieve those goals? Well, the material used was part of a bigger training we do on web application security. We’ve prepared a simple online bookstore written in Ruby on Rails that is riddled with (more and less obvious) security vulnerabilities. First we explain the basic theory behind a particular attack vector, then we let the students loose to find it in the app and exploit it. Afterwards, we have a short discussion about how such a bug could have been introduced, how to spot similar bugs in the future and, of course, how to fix it.
Overall, it was a great experience to see so many developers with various backgrounds ferociously hacking our poor application. What’s most important (and difficult to achieve!) is that, regardless of their expertise levels, they all enjoyed it and improved their knowledge. We had attendees who had absolutely no knowledge of what an SQL injection is and seasoned web developers who were able to conduct timing attacks. I’m really happy they all finished the workshop smiling and asking for more!
So, the only question left is: who’s next? ;)