BEGIN:VCALENDAR
VERSION:2.0
PRODID:icalendar-ruby
CALSCALE:GREGORIAN
BEGIN:VEVENT
DTSTAMP:20260419T182719Z
UID:D9PELg
DTSTART;VALUE=DATE:20160929
DTEND;VALUE=DATE:20160930
CLASS:PUBLIC
CREATED:20160811T144652
DESCRIPTION: A series of security challenges in an intense one-day workshop
  \n\n The only way to know in your gut how software works is to implement 
 it by hand. The same applies to breaking into web apps. To be truly aware 
 of the vulnerabilities in your code is to exploit them yourself. \n\n In a
 n intense one-day workshop\, we’ll be taking a group of Ruby on Rails de
 velopers through a series of time-limited security challenges. You'll lear
 n to bypass authentication\, escalate privileges and thoroughly compromise
  the infrastructure of vulnerable Rails applications. \n\n By the end of t
 he workshop\, you will: \n\n \n Have an intuitive sense for vulnerable cod
 e and how to exploit it. \n Be up to date with common attack vectors again
 st Rails applications. \n Be armed with strategies for keeping your codeba
 ses secure in the long-term. \n \n\n  \n\n Some nice things people have sa
 id \n\n \n The security workshop was a real eye-opener\, and loads of fun.
  The difference between reading on a blog that\, "There's a remote code ex
 ecution vulnerability..." and actually seeing just how easy it is to make 
 an application do whatever you want (that it's not supposed to do)\, is hu
 ge. I would highly recommend this workshop to any programmers who care abo
 ut their customers' security (hopefully\, that's all of them). \n\n David 
 Salgado\, CTO and Co-Founder at Admoda \n \n\n   \n\n \n The Rails Securit
 y Course run by Ali was fantastic! He has a great way of teaching and I le
 arnt a huge amount in a short space of time. I've read lots about XSS\, SQ
 L injection\, and the Rails remote code execution vulnerability\, but ther
 e's only so much you can learn from just reading about them. Actually putt
 ing the attacks into practice and seeing how they work really shed a lot o
 f light on the lengths people are willing to go to hack your systems. I c
 anno
 t recommend this course enough! \n\n Tom Crinson\, Senior Data Engineer at
  Metail \n \n\n The Challenges \n\n Over the day we'll progress from takin
 g advantage of basic developer error to exploiting multiple vulnerabilitie
 s and totally compromising a web application. \n\n The challenges increase
  in difficulty over the course of the day though we'll be dropping hints t
 o keep everyone at roughly the same stage. \n\n We’ve run this workshop 
 several times over the past few years. We’ve removed some exercises that
  are no longer as relevant and added new ones based on vulnerabilities we
 ’ve found in client codebases. \n\n Requirements \n\n \n Basic to interm
 ediate Ruby programming skills - While we'll be covering a lot of technica
 l material on the day\, strong Ruby skills will help you spend less time p
 lumbing and more time breaking into web applications. \n Basic understandi
 ng of the HTTP protocol - You don’t need to be an expert on HTTP\, but a
 n understanding about how forms\, headers\, and cookies work would help yo
 u get through the challenges. \n A laptop set up to develop Rails codebase
 s - This typically means having access to a command line with a ruby versi
 on manager (like chruby\, rbenv\, or rvm) installed. \n \n\n Money back gu
 arantee \n\n If at any point before\, during or after the workshop you dec
 ide that it wasn't worth what you paid for it\, let me know and we will im
 mediately initiate a full refund. \n\n Timeline \n\n \n (Optional) If you 
 have any questions or queries\, you email us and we get back to you ASAP. 
  If you need to convince your boss\, I wrote this article specifically for
  them to read. \n You buy a ticket! 🍻 \n Before the workshop\, we’ll 
 get in touch to say hello and send over a single challenge as pre-work. Th
 is is to make sure you’re set up to run the exercises and we spend minim
 al time dealing with technical issues on the day. It is also so that you u
 nderstand the structure of the challenges and can get stuck in right away 
 at the workshop. \n On the day of the workshop\, you turn up at 9am sharp 
 and we do the thing. I will talk for about 15 minutes at the start and end
 \, with brief interludes between each challenge. We break for lunch (not i
 ncluded) at 13:00 for an hour and finish at 18:00. The vast majority of th
 e day will be you at your keyboard trying to break into insecure software.
  \n (Optional) For dinner (also not included) we have a reservation for al
 l of us at the nearby Tajima-Tei for 18:15 which you’re welcome to atten
 d for eating/drinking afterwards. \n After the workshop we’ll be in touc
 h with a couple of extra exercises\, recommended reading material\, and a 
 request for feedback. \n \n\n Questions? \n\n If there’s anything you’
 d like to know before buying a ticket\, please send an email to ali@happyb
 earsoftware.com and I’ll get back to you ASAP. \n\n Can’t make these d
 ates/tickets sold out? \n\n No worries. You have a few options: \n\n \n Ne
 xt public workshop - If you have less than ten developers on your team\, e
 nter your name/email below in the “Register Interest” form. We intend 
 to run these workshops every quarter\, so you’re welcome to the next one
 . \n In-house workshop - If you have ten or more developers on your team\,
  it might make sense for us to run the workshop at your office\, customisi
 ng the material to your requirements if appropriate. Please get in touch r
 egarding pricing and availability. \n DIY Workshop - For a fee we’d be h
 appy to make the workshop exercises available to your team. You won’t ha
 ve the focused single day\, accompanying material\, and witty conversation
 s that the live workshop attendees will enjoy. However this can be a good 
 option if you’re having difficulty scheduling an entire day to focus on 
 levelling up your security skill. Please get in touch about this offer. \n
  \n
LAST-MODIFIED:20231212T102856
LOCATION:London\, UK
ORGANIZER:mailto:ali@happybearsoftware.com
SUMMARY:Rails Security Workshop - September 2016
URL;VALUE=URI:https://ti.to/bearclaw/rails-security-workshop-september-2016
END:VEVENT
END:VCALENDAR
