Hack yourself first: go on the cyber-offence before online attackers do
YOW! 2014 Melbourne
The prevalence of online attacks against websites has accelerated quickly recently and the same risks continue to be exploited. However, these are often easily identified directly within the browser; it’s just a matter of understanding the vulnerable patterns to look for.
‘Hack Yourself First’ is all about developers building up cyber-offence skills and proactively seeking out security vulnerabilities in their own websites before an attacker does. It recognises that we have huge volumes of existing websites that haven’t gone through sufficient security review plus we continue to create new content that even when built with security in mind, still needs testing from the perspective of a cybercriminal.
In this session we’ll look at website security from the attacker’s perspective and exploit common risks in a vulnerable web application. We’ll also explore ways to easily grab credit cards, gain immediate FTP access to thousands of websites, crack password cryptography you think is secure and hijack wifi.
Web security expert
Troy Hunt is an Australian Microsoft Most Valuable Professional for Developer Security and Author for Pluralsight — a leader in online training for technology and creative professionals. Troy has been building software for browsers since the very early days of the web and possesses an exceptional ability to distill complex subjects into relatable explanations. This has lead Troy to become an industry thought leader in the security space and produce many top-rated courses for Pluralsight. Currently, Troy is heavily involved in Have I been pwned? a free service that aggregates data breaches and helps people establish potential impacts from malicious web activity. Troy blogs regularly about web security and is a frequent speaker at industry conferences and throughout the media to discuss a wide range of technologies.