Seminar: Hack Your Hackers

Offence is the best defence

Every week we hear about breaches at various corporations around the world. However, most of these breaches are not the result of supernatural skillsets and dark ambitions possessed by hackers. Security vulnerabilities are nothing but a specific sort of bug that might give malicious users an opportunity. The goals of the seminar are threefold. First of all, participants will learn about the specifics of the most widespread security vulnerabilities. At the very least they will become aware of these issues and understand how dire the consequences of a seemingly simple Cross-Site Scripting flaw can be. Secondly, participants will get hands-on training on how to monitor attack attempts against software systems and virtually patch them without the need to modify the source code. Finally, the last and the most fun part of the seminar is an actual hacking battle between the participants to see who is the best hacker.

Our seminar consists of 3 parts.

Part 1: Security Vulnerabilities

Firstly, we will look into a number of the most widespread techniques that hackers leverage when trying to find the security-related bugs they can exploit. These techniques all correspond to a subset of the OWASP Top 10 most common web application vulnerabilities.

Part 2: Web Application Firewalls

In the second part of our seminar, we will introduce ModSecurity, one of the best-known open source web application firewalls. The participants will get hands-on training focused mainly on ModSecurity configuration and its rule language. Participants will learn not only how to virtually patch and protect web-based software systems, but also how to actually attack their attackers by sending them malicious payloads and redirecting them to full-blown honeypots.
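To give a feel for what "virtual patching" with the ModSecurity rule language looks like in practice, here is an added example in ModSecurity v2 syntax (Apache configuration). It is not material from the seminar or from the ModSecurity project; the parameter names `q` and `id`, the rule ids in the 100001 range and the application path `/search` are assumptions made for the illustration. The first rule only monitors (logs without blocking), the second blocks a Cross-Site Scripting pattern in one parameter, and the third enforces an allow-list on a numeric parameter, all without touching the application's source code.

```apache
# Turn the engine on and let ModSecurity read POST bodies so ARGS covers
# both query-string and body parameters.
SecRuleEngine On
SecRequestBodyAccess On

# 1. Monitoring only: log any request that carries a "<script" fragment in
#    any parameter, but let it through. This is the "watch what the attackers
#    are sending" mode; useful before a blocking rule is switched on.
SecRule ARGS "@rx (?i)<\s*script" \
    "id:100001,phase:2,pass,log,auditlog,\
    t:none,t:urlDecodeUni,\
    msg:'Monitoring: possible XSS probe in request parameter'"

# 2. Virtual patch for a (hypothetical) reflected XSS in the "q" parameter of
#    /search: deny the request with HTTP 403 when the value contains a script
#    tag, a javascript: URL or an inline event handler such as onerror=.
SecRule REQUEST_URI "@beginsWith /search" \
    "id:100002,phase:2,deny,status:403,log,\
    t:none,t:lowercase,\
    msg:'Virtual patch: XSS attempt in q parameter',\
    severity:'CRITICAL',\
    chain"
    SecRule ARGS:q "@rx <\s*script|javascript:|on\w+\s*=" \
        "t:none,t:urlDecodeUni,t:lowercase"

# 3. Positive security model: the "id" parameter must be a 1-10 digit number.
#    Anything else (quotes, comments, encoded payloads) is rejected outright,
#    which closes off injection attempts against that parameter without the
#    WAF needing a signature for each of them.
SecRule ARGS:id "!@rx ^[0-9]{1,10}$" \
    "id:100003,phase:2,deny,status:400,log,\
    t:none,t:urlDecodeUni,\
    msg:'Virtual patch: id parameter must be numeric'"
```

Rules 1 and 2 are placed in phase 2 (after the request body has been read) so they see POST parameters as well as the query string. Rule 2 uses `chain` so that the URI match and the parameter match must both succeed before the deny action fires; the transformations (`t:urlDecodeUni`, `t:lowercase`) normalise the value before the regular expression is applied, which is what stops trivial percent-encoding or mixed-case evasions. In a real deployment, rule 1 would normally be kept running alongside rules 2 and 3 so that the audit log still records what attackers try, which is the input the seminar's monitoring exercise is built around.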

Part 3: The Battle of Hackers

Finally, we will give all participants the opportunity to fill the shoes of a true security professional who has to manage web-based applications that are subject to hourly attacks by malicious users. Every participant will get a virtual image running a vulnerable web application. We have designed a Codific-Hacking-Robot that will automatically try to exploit each participant’s web application by periodically sending both legitimate and malicious payloads. The winner will be determined by looking at how quickly and effectively participants can protect the web application while making sure legitimate payloads still succeed.