techorama, deep knowledge IT conference
Oct 07 - 09 | 2024 Utrecht Netherlands

Hack the Bank (Interactive Learning experience with limited capacity!)

Monday 07 October

09:00 - 17:00

Sine Nomine

Inspired by the legends of the Anonymous hacker group, a new icon has emerged from the deep dark realms of the internet. Experience a workshop like you've never seen before – and never will see again.

In this workshop, you will step into the shoes of a hacker, exploit the most common web vulnerabilities and learn how to defend against them. Additionally, we will give you all the tools you need to automatically pentest your own applications using ZAP, the open source DAST from OWASP.

Who Should Attend:
This workshop is ideal for developers, security professionals, and anyone involved in the software development lifecycle who wants to improve their understanding of application security and learn practical skills to protect their code.

What to Expect:



Pre-Workshop Preparation:
The Rabbit Hole (± 3 hours)
---
Your journey starts with The Rabbit Hole, an online training platform that covers the basics of security vulnerabilities. Spend about three hours learning about SQL injection, Cross-Site Scripting, and Insecure Deserialization through clear, concise and practical modules. Complete this training before the workshop day to prepare for the challenges ahead.

Workshop Day:
Hack The Bank (3 hours)
---
On the workshop day, we will gather in our hacker basement in Utrecht for a hands-on experience. You will pair up with another participant to tackle the challenge of hacking Vaulture Capital, a virtual bank. Trace and exploit vulnerabilities to access data and money, with tasks becoming increasingly complex. To win, you will need to steal the most money within the time limit. After the challenge, we will go through all the encountered vulnerabilities and explain how best to prevent them.

Implementing DevSecOps in Azure DevOps (3 hours)
---
Additionally, we will explore security automation. Learn how to pentest your codebase automatically using OWASP ZAP and integrate these practices into your development workflow. Every participant will work in their own sandbox environment, which includes a web application and an API for a fictional pizza shop. The environments are rife with vulnerabilities, and we will walk you through configuring ZAP inside a CI/CD pipeline to identify these issues automatically.

What You Will Learn:
- The ins and outs of the OWASP Top 10 most common web application security risks.
- Identifying and exploiting OWASP Top 10 vulnerabilities, including SQL injection, multiple forms of Cross-Site Scripting, and Insecure Deserialization.
- Defensive strategies against common vulnerabilities.
- Applying dynamic application security testing (DAST) on a (vulnerable) codebase using the open source ZAP by OWASP.
- Integrating OWASP ZAP in your CI/CD pipelines.

Technical Prerequisites:
- Your own laptop

Visit https://hackthebank.nl for more information.

Location:

The Team Building
Admiraal Helfrichlaan 6
3527 KV Utrecht

Sine Nomine is a decentralized hackers collective. We are known for our cyberattacks against governments, companies and criminal organizations. We are not an organization with leaders and followers; we are an idea, a movement that is carried by a worldwide network of like-minded individuals.

We use hacking and other forms of digital protest to focus attention on sensitive information and to reach our goals. Corrupt governmental institutions need to be held accountable for their actions. We hack the systems of their financial institutions to steal their money and distribute it amongst their victims.

We are always looking for new members with the same ideologies.

You are Sine Nomine.