[LRUG] [COURSES] Rails security workshop challenges

Marc Wickenden marc at 4armed.com
Thu Oct 30 10:22:03 PDT 2014

+1 for the course. I dropped in on one session and it seemed well put together and totally relevant. Of course, doing it this way you (presumably) don’t get to enjoy drinking Peroni and talking about hacking stuff at lunchtime but don’t let that put you off.


Marc Wickenden / Technical Director

+44 7515 718897 / marc at 4armed.com <mailto:marc at 4armed.com>

Office: +44 203 475 2443 / https://www.4armed.com <https://www.4armed.com/>

> On 30 Oct 2014, at 09:30, Najaf Ali <ali at happybearsoftware.com> wrote:
> Dearest LRUG,
> For a few years I've been running a Rails Security Workshop which seems to get good feedback. For those of you that haven't heard of it, it's a one-day session that gets attendees to use their technical skills to exploit a series of insecure Rails applications. The goal of the day is to make developers more aware of security issues by making them implement attacks by hand.
> On my part the public workshop requires a lot of organising, sales calls, venue costs and other prep work to run profitably. I find actually running the day quite stressful. For those and other reasons it doesn't make much sense for me to run it for less than around £400 per seat. That's out of the price range of many individual developers. And with a two-year-old at home and another boy on the way in January, running another public workshop is probably off the cards for a while!
> For those of you who would like to have a crack at the challenges in your own time, I'm making the workshop exercises available as a standalone product. It includes email support from me as well in case you get stuck or need feedback.
> The package is very much at a beta stage, but to get it in front of people I'm selling the beta now for $67, going up to around $97 later. As LRUG is sort of where this whole security workshop thing started out, you can get a further $30 off with the code ruglife (good for 100 sales). This includes all future updates to this package even after the price increases. Future updates will include content going into detail on the vulnerabilities in the challenges and how to avoid them in your code.
> If for whatever reason you don't think the challenges are worth what you paid for them, email me and I'll initiate a refund ASAP.
> Here's the landing page <http://www.happybearsoftware.com/rails-security-challenges>, or if you just want to buy the thing you can do so directly via gumroad <https://gumroad.com/l/uAWT>. If you have any questions about the challenges, Rails security, good steak restaurants in London, advanced nappy-changing technique or anything you like really then shoot me an email at this address.
> Cheers,
> -Ali
> P.S. If you've done the in-person workshop and you or your company paid for a ticket, let me know over email and I'll give you a code to get the bundle free of charge.
> P.P.S. If you don't feel like paying me any money today but want some security advice all the same, you can get an email course covering the absolute basics of Rails security here <http://www.happybearsoftware.com/rails-security-fundamentals>. There's a sales pitch at the end of it for the challenges which you're free to ignore.
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20141030/4b369405/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature_logo.png
Type: image/png
Size: 9848 bytes
Desc: not available
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20141030/4b369405/attachment.png>

More information about the Chat mailing list