Hacking PHP applications from scratch

Security is a tedious cat-and-mouse game that's increasing in development speed and complexity every single day. Hackers' game plan is to know more about certain edge cases and in-depth details of the technologies they're attempting to compromise than the developers who initially built and currently maintain those technologies.

To truly understand and to be competent in the security aspect of PHP development, we need to learn how to think like a hacker. Once you’ve exploited a simple SQL injection vulnerability for the first time, I can guarantee that you’ll never let one slip through a code review process again.

In this workshop, you'll be working your way through exploiting a series of vulnerabilities present in a set of intentionally poorly crafted PHP applications. The vulnerabilities come in various difficulty levels, ranging from very simple ones to more complicated multi-step ones that require a deeper understanding and a longer development background to be exploited successfully. This workshop includes an introductory part, after which we'll focus on hands-on exploitation of the applications, either by ourselves or in small groups.

The goal is to learn hands-on how the most common mistakes that PHP developers make while developing web applications escalate into full-scale breaches and compromises. Through this process you'll gain an in-depth understanding of these vulnerabilities, and will ultimately be much more capable of protecting your applications from being hacked in the future. Once you know the basics of hacking PHP applications, you're much less likely to fall into these common security pitfalls in your future projects.

This workshop is intended to run either on a Linux machine (Kali, Arch, Ubuntu, Debian, or similar will do; a VM is fine as well) or on a recent version of macOS. The workshop is intended for people who have previous professional PHP development experience, and preferably a basic understanding of the Linux OS, the command line, and TCP/IP networking.

Antti Rossi

CTO @ Jobilla