[LRUG] [COURSES] Security Workshop in April

Najaf Ali ali at happybearsoftware.com
Tue Mar 4 08:55:09 PST 2014


My Dearest London Rubyists,

A few quick orders of business. If smacking the silly out of your Rails
application is of little interest then feel free to skip this email.

*Security Workshop*

Tickets to the next security workshop in April are now available for
purchase. The sales page with more info is
here<http://happybearsoftware.com/security-workshop>,
or if you just want to by tickets then here's the page on
eventbrite<https://www.eventbrite.co.uk/e/rails-security-workshop-april-2014-tickets-10817771245>
.

During the workshop, you'll be pitted against a series of vulnerable Rails
applications with the goal of either compromising a key piece of security
infrastructure or totally owning the app.

In the challenges you will be doing things like:

* Breaking weakly implemented authentication/authorisation mechanisms.
* Escalating a buggy file upload to a remote code execution exploit.
* Crafting a ciphertext payload to trick an application into letting you
change other users passwords.

As part of the workshop, you will also receive:

* Continued access to the exercises to work on at your leisure.
* (Pending completion) Screencasts that walk through each of the exploits
* (Pending completion) A PDF detailing each covered vulnerability, how it
can arise in an existing codebase and how to fix it.

(Note that if any past attendees are reading this, you'll get copies of all
of the above as soon as they're done!)

Here are the details:

Time: 09:00 to 17:00 on Friday 18th April 2014
Location: Hoxton Hotel, near Old Street underground station
Price: £400 per head, max 16 attendees

*In-house Security Workshops*

I'd be more than happy to run the workshop in-house at your offices if
that's of interest. As before bringing me in to talk briefly to your team
about security is free. Please take me up on this!

That's all. If you have any questions about any of the above then please
let me know at this address.

All the best,

-Ali
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20140304/1d547198/attachment-0003.html>


More information about the Chat mailing list