techorama, deep knowledge IT conference
Oct 07 - 09 | 2024 Utrecht Netherlands

Hack the Bank

Monday 07 October

09:00 - 17:00

eric-de-maar.jpg
Eric De Maar

Inspired by the legends of the Anonymous hackergroup, a new icon has submerged from the deep dark realms of the internet. Experience a workshop like you've never seen before – and never will see again.

In this workshop, you will step into the shoes of a hacker, exploit the most common web vulnerabilities and learn how to defend against them. Additionally, we will give you all the tools you need to automatically pentest your own applications using ZAP, the open source DAST from OWASP.

Who Should Attend:
This workshop is ideal for developers, security professionals, and anyone involved in the software development lifecycle who wants to improve their understanding of application security and learn practical skills to protect their code.

What to Expect:

Pre-Workshop Preparation:
The Rabbit Hole (± 3 hours)
---
Your journey starts with The Rabbit Hole, an online training platform that covers the basics of security vulnerabilities. Spend about three hours learning about SQL injection, Cross-Site Scripting, and Insecure Deserialization through clear, concise and practical modules. Complete this training before the workshop day to prepare for the challenges ahead.

Workshop Day:
Hack The Bank (3 hours)
---
On the workshop day, we will gather in our hacker basement in Utrecht for a hands-on experience. You will pair up with another participant to tackle the challenge of hacking Vaulture Capital, a virtual bank. Trace and exploit vulnerabilities to access data and money, with tasks becoming increasingly complex. To win you will need to steal the most money within the time limit. After the challenge, we will go through all the encountered vulnerabilities and explain how to best prevent them.

Implementing DevSecOps in Azure DevOps (3 hours)
---
Additionally, we will explore security automation. Learn how to pentest your codebase automatically using OWASP ZAP and integrate these practices into your development workflow. Every participant will work with their own sandbox environment which includes a web application and an API of a fictive pizza shop. The environments are ripe with vulnerabilities and we will walk you through on how to configure ZAP inside a CI/CD pipeline to identify these issues automatically.

What You Will Learn:
- The ins and outs of the OWASP Top 10 most common web application security risks.
- Identifying and exploiting OWASP Top 10 vulnerabilities, including SQL injection, multiple ways of Cross-Site Scripting, and Insecure Deserialization.
- Defensive strategies against common vulnerabilities.
- Applying dynamic application security testing (DAST) on a (vulnerable) codebase using the open source ZAP by OWASP.
- Integrating OWASP ZAP in your CI/CD pipelines.

Technical Prerequisites:
- Your own laptop

Visit https://hackthebank.nl for more information.

My name is Eric de Maar – I’m an allround innovator and technical evangelist. Over the past decade I’ve consistently had the privilege of working with and implementing the very latest technologies and applications. This also made me aware that the success of any implementation of new technology depends almost entirely on one critical element: how well it is embraced and adopted.

This insight sparked my evolution into a specialized technical trainer – I’ve been making learning engaging ever since. As a technical trainer I’ve incorporated a variety of methods and instructional styles to effectively deliver content. My style is to-the-point and focused on clearly defined learning goals combined with a touch of amusement and enthusiasm.