[LRUG] [COURSES] Rails Security Workshop April 2015

Najaf Ali ali at happybearsoftware.com
Tue Mar 31 01:09:57 PDT 2015


Hi all,

I'm running the Rails Security Workshop again on 24th April 2015. Go here
<http://www.eventbrite.co.uk/e/rails-security-workshop-april-2015-tickets-16270052164>
if you just want to buy tickets or read on for more info.

For those of you that don't know what it is, over the course of a day I
take a group of up to sixteen Rails developers and make them find and
exploit security vulnerabilities in a series of insecure applications.

The goals of the workshop:

* Increase your awareness of security vulnerabilities at work.
* Give you practical experience of security issues you may have only read
about.
* Have fun using your powers for (fake) evil instead of good for a change.

I've run the workshop publicly and in-house and it appears to get good
reviews. Here's some things that people have said during or after it:

* "I can't believe how much fun I'm having."
* "We found four XSS vulnerabilities at work a few days after the workshop."
* "My mind was blown by how easy the remote code execution exploit was."
* "Sorry, I'm going to have to take a break and make sure we're not
exposing this vulnerability at work."
* "I'd love to go out for a drink, but my brain is fried after the
workshop. I'm going home to sleep."

Details:

Date/Time: Friday 24th April 2015, 10:00 => 17:00
Venue: Regents Room, ORT House, 126 Albert Street, NW1 7NE

Things you might be thinking:

*"Everyone on our team wants to do it, can you just come to our offices
instead?"*

I'd love to! Please get in touch off-list and we'll figure something out.

*"Is this going to be too hard/easy for me?"*

Quite possibly. Every time I've run this workshop the following two people
turn up:

* A person who murders every single exercise I put in front of them
* Someone who doesn't complete a single exercise

There doesn't appear to be even a slight correlation between years of
experience or type of company (I've checked) with how well you do. I've met
junior developers that move through the exercises with ease and senior
developers who get stuck on every single one.

Most attendees however sit somewhere in between. In terms of difficulty I
think that's about as well-balanced as I can make it.

*"Can we have a group discount?"*

I'm afraid not. If you can't manage to see your way to getting tickets
or doing the workshop in-house, you can get the challenges
<https://gumroad.com/l/uAWT> we work through on the day for a considerably
lower price.

I haven't thought out a strategy re: a "company license" for these
challenges, so for the time being just buy one copy and feel free to pass
it around your office.

*"What if I go and I don't like it?"*

If at any point you feel that the workshop wasn't worth what you paid for
it, let me know and *I will immediately issue you a refund*. After I issue
the refund, I'll try to find out from you how the workshop didn't meet your
expectations, but you have no obligation to help me in that regard.

To buy tickets please go to the event listing on Eventbrite
<http://www.eventbrite.co.uk/e/rails-security-workshop-april-2015-tickets-16270052164>.
If you have any questions or just want to say hello/catch up then don't
hesitate to get in touch.

All the best,

-Najaf Ali, http://happybearsoftware.com