Hack Yourself First!

We believe you should invest in three main themes when it comes to security:

1. Culture: is everyone aware of the importance of security? Is the subject open to discussion?
2. Knowledge: does everyone the necessary knowledge (or access to it)?
3. Application: is the knowledge being applied in the right way? Does it benefit the clients?

In line with this approach, there was a unique workshop in early June. Betabit plucked up courage, at the beginning of 2017, and approached development security expert Troy Hunt, to ask if he would give his ‘Hack Yourself First!’ workshop for Betabit. Troy's response was enthusiastic and after a few Tweets back and forth, it was official: he would come to Rotterdam on 6 and 7 June. The news spread fast internally, and registrations poured in. Betabit also invited a number of clients and awarded one place in a contest during our .NET Core event.

The first started with a surprise: we gave Troy and all the participants a special Betabit hoodie. Troy was impressed right from the start; this was something he'd never experienced before. After a brief introduction, the hacking could finally begin. Because in his ‘Hack Yourself First!’ workshop, Troy teaches professionals how to break into their own applications - before a stranger does. He deals with such subjects as 'session cracking', ‘password cracking’ and ’brute force attacks'. Techniques such as SQL, FiddlerScript, and HTTPS were also looked at. Click here for an overview of the whole programme.

They turned out to be two extremely interactive and particularly interesting days, one of the highlights of the year. Troy emphasised the importance of security, how vulnerable software products are, and what you can do to combat that, as an employee of a software company. He explained the complex material clearly and in a stimulating way, backed by many recognisable examples such as the data leaks at 'Ashley Madison’ and ‘DigiNotar’. Everyone listened respectfully to Troy and went to work enthusiastically on all the hacking exercises at the end of each section.

Troy was enthusiastic about the proficiency at Betabit: 'the group diversity and intelligence are very high, it's a fun group to work with'. Troy expressed his enthusiasm again in his weekly update. And the responses from the participants were also exclusively positive, which was obvious from the atmosphere. When asked 'What do you most remember?', their answer was naturally 'Troy's expertise'. And also the Harlem Shake code, the cosmetics website you can log into with only an email address, and the fact that so many companies, big and small, don't have their security sorted.

All things considered, two exceptionally successful days. A fantastic workshop with new insights, but also the anxiety of concluding that many organisations invest too little in cybersecurity. Every organisation and IT specialist should be asking themselves what they could be doing personally. No, must do! We're doing it with our focus on the three main themes mentioned earlier: culture, knowledge, and application. So that we can develop the best software for our clients.