Hack Yourself First!
( before someone else does )
Digitisation and cyber-attacks go hand in hand. The Wannacry ransomware attack has really brought it home to many people. Every organisation should ask itself what role it plays in these developments. What can we do, personally?
We believe you should invest in three main themes when it comes to security:
- Culture: is everyone aware of the importance of security? Is the subject open to discussion?
- Knowledge: does everyone the necessary knowledge (or access to it)?
- Application: is the knowledge being applied in the right way? Does it benefit the clients?
In line with this approach, there was a unique workshop in early June. Betabit plucked up courage, at the beginning of 2017, and approached development security expert Troy Hunt, to ask if he would give his ‘Hack Yourself First!’ workshop for Betabit. Troy's response was enthusiastic and after a few Tweets back and forth, it was official: he would come to Rotterdam on 6 and 7 June. The news spread fast internally, and registrations poured in. Betabit also invited a number of clients and awarded one place in a contest during our .NET Core event.
They shared everything real openly. Betabit wants to let everyone know what they are doing. I guess they like to stand up there and go ‘hey, we are taking this security-thing very seriously’. So that was really cool!
Hacking into your own applications
The first started with a surprise: we gave Troy and all the participants a special Betabit hoodie. Troy was impressed right from the start; this was something he'd never experienced before. After a brief introduction, the hacking could finally begin. Because in his ‘Hack Yourself First!’ workshop, Troy teaches professionals how to break into their own applications - before a stranger does. He deals with such subjects as 'session cracking', ‘password cracking’ and ’brute force attacks'. Techniques such as SQL, FiddlerScript, and HTTPS were also looked at. Click here for an overview of the whole programme.
They turned out to be two extremely interactive and particularly interesting days, one of the highlights of the year. Troy emphasised the importance of security, how vulnerable software products are, and what you can do to combat that, as an employee of a software company. He explained the complex material clearly and in a stimulating way, backed by many recognisable examples such as the data leaks at 'Ashley Madison’ and ‘DigiNotar’. Everyone listened respectfully to Troy and went to work enthusiastically on all the hacking exercises at the end of each section.
Fantastic, but scary!
Troy was enthusiastic about the proficiency at Betabit: 'the group diversity and intelligence are very high, it's a fun group to work with'. Troy expressed his enthusiasm again in his weekly update. And the responses from the participants were also exclusively positive, which was obvious from the atmosphere. When asked 'What do you most remember?', their answer was naturally 'Troy's expertise'. And also the Harlem Shake code, the cosmetics website you can log into with only an email address, and the fact that so many companies, big and small, don't have their security sorted.
All things considered, two exceptionally successful days. A fantastic workshop with new insights, but also the anxiety of concluding that many organisations invest too little in cybersecurity. Every organisation and IT specialist should be asking themselves what they could be doing personally. No, must do! We're doing it with our focus on the three main themes mentioned earlier: culture, knowledge, and application. So that we can develop the best software for our clients.
About Troy Hunt
Troy Hunt is ‘Microsoft Regional Director’ in Australia and ‘Microsoft Most Valuable Professional’ in the field of Developer Security. Troy travels the world, speaking at large events and workshops. In addition, he writes a blog, designs 'Plural Sight courses' on data security, and offers a nice service with his website ';--haveIbeenpwned.com' on which everyone can see whether they or sites they use, have ever been hacked. For more information about Troy Hunt, check out his website.
Questions? Luc will be only happy to help
Contact
Hack Yourself First! (before someone else does)