Hack Yourself First - Online Workshop

NDC Copenhagen: Hack Yourself First: How to go on the Cyber-Offence

The workshop will be hosted online on Zoom.us and run by both Troy Hunt and Scott Helme. Please note that the workshop is scheduled in Canberra, Melbourne, Sydney time (AEST). The 09:00 start is firm on both days; however, other timings in the schedule below can be fluid based on how long the modules run.

Cyber-attacks have become a reality of running software on the web today. We find ourselves under a constant barrage of malicious activity from hacktivists, online criminals and increasingly, nation states. Successful attacks from these adversaries are predominantly via flaws in the software products they target – flaws that could have been prevented by developers understanding how online attackers work and what the appropriate defensive measures are.

The Objective:

The objective of the workshop is that each person walks away with demonstrated experience across a broad spectrum of specific risks. They not only learn about a range of different vulnerabilities but also gain practical experience with them, targeted to the specific needs of the group.

Courses run for two days on the following schedule:

Day 1

The first day builds fundamental security skills that all technology professionals delivering applications on the web should possess:

- Discovering Risks via the Browser

- Using an HTTP proxy

- SQL Injection

- Framework Disclosure

Day 2

The second day delves deeper into online risks, covering more advanced topics in greater depth:

- Password Cracking

- Account Enumeration 

- FiddlerScript

- Content Security Policy

- Session Hijacking

- Subresource Integrity

- Brute Force Attacks

- Automating Attacks and Review

What attendees learn

Attendees will be taught the mechanics of each of these risks and, of course, the defensive patterns required to defend against them. But more than that, they are exposed to how to think about security: how to apply it in depth via multiple defences, how to choose appropriate controls based on the specific risk of the feature, and how to have the discussion about what makes sense in different circumstances.

Above all though, security is just one factor in delivering working software and it has to be applied appropriately. Sometimes it comes with a trade-off against usability or cost, and decisions have to be made about not just what's most secure, but what's in the overall best interests of the product being built. This workshop helps those who attend have the right discussions about when and where to invest in security.

Intended audience

  • Software Developers
  • System Administrators
  • Testers

This workshop is aimed at any software developer, system admin or tester who wants to get a better understanding of what is going on in cyberspace when it comes to hacking and cracking of systems. The workshop enables you to take a proactive approach, and you learn how hackers will try to break your system. It will be an eye-opener for most attendees and is the starting point for becoming a better developer. It all starts with awareness and improving your own habits. So start hacking yourself first, to become a better developer!

Required equipment

Attendees will need to use their own computer with one of the following software options installed:

  • Fiddler: http://www.telerik.com/download/fiddler
  • Charles Proxy: http://www.charlesproxy.com/download/
  • Burp Suite: https://portswigger.net/burp/communitydownload

If possible, please also bring your smartphone.

  • Days

    2 Days - 1-2 April

  • Participation

    Online Workshop - hosted on Zoom.us

  • Price

    4000 DKK + VAT


  • Troy Hunt

    Troy is a Microsoft Regional Director and MVP, Pluralsight author and world-renowned internet security specialist. He spends his time teaching developers how to break into their own systems before helping to piece them back together to be secure against today’s online threats. He’s also the creator of “Have I been pwned?”, the free online service for breach monitoring and notifications. Troy regularly blogs at troyhunt.com from his home in Australia.

  • Scott Helme

    Hacker, researcher, builder of things. Founded securityheaders.com and report-uri.com, Pluralsight author, BBC hacker in residence, award-winning entrepreneur. Find me at scotthelme.co.uk