Web Security
Join us for an Awesome Workshop on:

Web Security

September 12, 2017 - 9:30am to 5:30pm Central US Time

Attend Online

Live and in Full HD

Join in Person

From Downtown Minneapolis, MN

Some Key Takeaways!

By coding along with us in the Workshop, you'll:

  • Get hands-on experience, both from the attacker and defender standpoint
  • Understand the latest threats and advances in web application security
  • Use penetration testing tools to detect vulnerabilities in a sample web application
  • See first-hand just how much damage an attacker can do with an XSS vulnerability
  • Look at a man-in-the-middle attack from the perspective of the attacker, the developer, and the victim
  • And more…

Your (Awesome) Instructor

Mike North

Mike is a modern web consultant and Staff Engineer at LinkedIn where he works with the Web Frameworks team to maintain the company's tech stack. Mike was the CTO of Levanto Financial and an open source contributor to ember-cli, ember-data and ember.js. Before working at Levanto, Mike was the UI Architect of Yahoo's Ads & Data division, and was a driving force in replacing YUI with Ember as the UI framework of choice throughout the division, and the company as a whole. Mike led the UI engineering effort to build out Yahoo's Ad platform in Ember.js, improving the framework, tooling and ecosystem along the way.

Spend A Full Day Immersed With Mike North

Workshop Details

Web Security

Security is an increasingly important part of building modern web applications, but it often falls victim to the pressure of tight deadlines. As attacks become more sophisticated, protecting our users becomes not just an ethical responsibility, but part of preserving a company's reputation and trust.

In an effort to understand what we as developers are up against, we'll get hands-on experience staging some attacks, and in doing so learn how we can fend off those who would do our users harm.

We'll begin with a series of attacks that relate to a web application client, starting with Cross-Site Scripting (XSS) and malicious image/PDF attachments. We'll get authenticated users to perform unwanted actions using a Cross-Site Request Forgery (CSRF) attack, and learn about defense strategies like CSRF tokens. We'll even learn how to stage a Clickjacking attack and use hidden iframes to trick users into interacting with one application while they think they're using another.

Next, we'll turn our focus to our web application's back end. We'll use a SQL injection attack to expose private information from a database and learn how to sanitize user input properly to protect against this kind of thing. We'll also attack the app's authentication system itself, to try to determine which usernames correspond to registered accounts.

Finally, we'll look at the network connection between our user and the web application back-end, and explore how a man-in-the-middle attack is staged. We'll get some hands-on experience with modern browser security features like HSTS headers and Subresource Integrity — technologies that can protect users on a compromised WiFi network.

Daily Schedule

We've already held over 80 workshops with thousands of attendees in person and online. In this time we've discovered ways to schedule the day so it goes smoothly and efficiently.

Whether you're attending in person or participating with us online, you'll have the full ability to replay things you missed, get your questions answered LIVE and interact with the teacher throughout the day.

  • 9:30AM
  • 10:00AM
    State of Web App Security
  • 10:30AM
    Categories of Attack
  • 11:00AM
    Protecting Developer Secrets
  • 12:15PM
    Attack: CSRF
  • 12:30PM
    Defend: CSRF
  • 1:00PM
  • 2:00PM
    Clickjacking Attacks
  • 2:15PM
    Attack: Clickjacking
  • 2:30PM
    Defend: Clickjacking
  • 2:45PM
    SQL Injection
  • 3:00PM
    Attack: SQL Injection
  • 3:15PM
    Defend: SQL Injection
  • 3:30PM
    Timing Attacks
  • 3:45PM
    Attack: Timing
  • 4:00PM
    Defend: Timing
  • 4:30PM
    Subresource Integrity
  • 5:00PM
    Wrap Up and Recap

Interact with the Instructor - Online & In-Person

Get Your Questions Answered • Code Along with the Class • Classroom Format

Is This Workshop for Me?


This workshop is intended for web application developers who have an understanding of how a client and server interact with each other. If you know what HTTPS, DNS and SQL are, and have some hands-on experience with JavaScript, you should get a lot out of this!

Any Prerequisites?

Event Details


One Full Day Workshop Session

Replay Videos (available immediately)


September 12, 2017 - 9:30am to 5:30pm Central US Time


Option 1: Attend online on our full HD live stream

Option 2: Attend in-person at HQ in Minneapolis, MN