Web Security
Join us for an Awesome Workshop on:

Web Security

September 12, 2017 - 9:30am to 5:30pm Central US Time

This workshop has already been published as a course!

Some Key Takeaways!

By coding along with us in the Workshop, you'll:

  • Get hands-on experience, both from the attacker and defender standpoint
  • Understand the latest threats and advances in web application security
  • Use penetration testing tools to detect vulnerabilities in a sample web application
  • See first-hand just how much damage an attacker can do with an XSS vulnerability
  • Look at a man-in-the-middle attack from the perspective of the attacker, the developer, and the victim
  • And more…

Your (Awesome) Instructor

Mike North

Mike is a Staff Engineer and tech lead at LinkedIn where he works with the Presentation Infrastructure team as one of the company’s deepest TypeScript, PWA and Ember.js experts, to help maintain LinkedIn’s tech stack. Prior to working at LinkedIn, Mike was the CTO of Levanto Financial and the UI Architect of Yahoo’s Ads & Data division. As part of his ongoing work to improve the JavaScript ecosystem, Mike is a regular contributor and maintainer of a wide range of open source libraries. His areas of focus are TypeScript, Ember.js and Progressive Web Applications.

Spend A Full Day Immersed With Mike North

Workshop Details

Security is an increasingly important part of building modern web applications, but it often falls victim to the pressure of tight deadlines. As attacks become more sophisticated, protecting our users becomes not just an ethical responsibility, but part of preserving a company's reputation and trust. In an effort to understand what we as developers are up against, we'll get hands-on experience staging some attacks, and in doing so learn how we can fend off those who would do our users harm.

We'll begin with a series of attacks that relate to a web application client, starting with Cross-Site Scripting (XSS) and malicious image/PDF attachments. We'll get authenticated users to perform unwanted actions using a Cross-Site Request Forgery (CSRF) attack, and learn about defense strategies like CSRF tokens. We'll even learn how to stage a Clickjacking attack and use hidden iframes to trick users into interacting with one application while they think they're using another.

Next, we'll turn our focus to our web application's back end. We'll use a SQL injection attack to expose private information from a database and learn how to sanitize user input properly to protect against this kind of thing. We'll also attack the app's authentication system itself, to try to determine which usernames correspond to registered accounts.

Finally, we'll look at the network connection between our user and the web application back end, and explore how a man-in-the-middle attack is staged. We'll get some hands-on experience with modern browser security features like HSTS headers and Subresource Integrity — technologies that can protect users on a compromised WiFi network.

Daily Schedule

We've already held over 150 workshops with thousands of attendees in-person and online. In this time we've discovered ways to schedule the day so it goes smoothly and efficiently. Whether you're attending in person or participating with us online, you'll have the full ability to replay things you missed, get your questions answered LIVE and interact with the teacher throughout the day.

  • 9:30AM
  • 10:00AM
    State of Web App Security
  • 10:30AM
    Categories of Attack
  • 11:00AM
    Protecting Developer Secrets
  • 12:15PM
    Attack: CSRF
  • 12:30PM
    Defend: CSRF
  • 1:00PM
  • 2:00PM
    Clickjacking Attacks
  • 2:15PM
    Attack: Clickjacking
  • 2:30PM
    Defend: Clickjacking
  • 2:45PM
    SQL Injection
  • 3:00PM
    Attack: SQL Injection
  • 3:15PM
    Defend: SQL Injection
  • 3:30PM
    Timing Attacks
  • 3:45PM
    Attack: Timing
  • 4:00PM
    Defend: Timing
  • 4:30PM
    Subresource Integrity
  • 5:00PM
    Wrap Up and Recap

Interact with the Instructor - Online & In-Person

Get Your Questions Answered • Code Along with the Class • Classroom Format

Is This Workshop for Me?


This workshop is intended for web application developers who have an understanding of how a client and server interact with each other. If you know what HTTPS, DNS and SQL are, and have some hands-on experience with JavaScript, you should get a lot out of this!

Any Prerequisites?

Event Details


One Full Day Workshop Session

Replay Videos (available immediately)


September 12, 2017 - 9:30am to 5:30pm Central US Time


Option 1: Attend online on our full HD live stream

Option 2: Attend in-person at HQ in Minneapolis, MN