|14:30:00 - 15:20:00||Beginner||Dutch|
During this workshop, ethical hackers from Securify will show you how to find and exploit vulnerabilities in typical (Java) web applications. There will be a server running a typical web application that is affected by a range of real-world security flaws that we find daily on the job. You will learn how to find, exploit and prevent these issues, including OWASP Top 10 flaws like SQL injection, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Arbitrary Redirects and System Command Injection. You do not need any upfront knowledge about software security; we will guide you through the examples step by step. Just bring your laptop and start hacking!
Bio of Yorick Koster & David Vaartjes
David Vaartjes is co-owner of Securify, a Dutch company fully dedicated to software security testing and the concept of Build Security In. David has over 10 years of experience in the field of software security and has engaged in hundreds of audits for a large number of clients in varying industries. He is specialised in (Java) security code reviews. David is a true enthusiast of the Build Security In approach: working closely with software development teams who are facing today's security challenges and helping them catch and fix security defects early. Securify strongly believes that this is the way to go to achieve structural improvement, raise awareness and teach development teams how to deliver secure applications at once. During his employment at Rabobank Nederland, David worked on a method to fully integrate security testing within the ever-changing agile environment. Get security testing and sign-off done during the sprints!
Yorick Koster is a passionate information security professional who is always eager to learn. He is constantly working to broaden his knowledge in the field of security, at work but especially outside it. Yorick has a high level of technical knowledge and, when performing his security research, he is able to get to the very heart of the problem. Furthermore, he is able to articulate his findings well, both orally and in writing, for people who are not so knowledgeable about this specialty – in both English and Dutch. Not only is Yorick a researcher, but he has also set up and given various courses in the field of secure design and secure programming. These courses have been held in-house, at Technical Colleges (Hogescholen), and for customers in situ.
Specialties: software security, security review, code review, mobile security, pentesting, vulnerability research, exploit development, key management, cryptography