Penetration Testing PHP Applications from Scratch

By: Antti Rössi

Security is a tedious cat and mouse game, that’s increasing in development speed and complexity every single day. Hackers’ game plan is to know more about certain edge cases and in-depth details regarding the technologies they’re attempting to compromise, than the developers who initially built and are currently maintaining those technologies.

To truly understand and to be competent in the security aspect of PHP development, we need to learn how to think like a hacker. Once you’ve exploited a simple SQL injection vulnerability for the first time, I can guarantee that you’ll never let one slip through a code review process again.

In this workshop, you’ll be working your way through exploiting a series of vulnerabilities present on a set of intentionally poorly crafted PHP applications. There are vulnerabilities of various difficulty levels, ranging from very simple basic ones to more complicated multi-step ones that require a deeper understanding and longer development background to be exploited successfully. This workshop includes an introductory part after which we’ll be focusing on actually hands-on exploiting the applications either by ourselves or in small groups.

Learn hands-on how the most common mistakes that PHP developers make while developing web applications escalate into full-scale breaches and compromises. Gain an in-depth understanding of these vulnerabilities, and will ultimately be much more capable of protecting your applications from being hacked in the future. Once you know the basics of hacking PHP applications, you’re much less likely going to fall into these common security pitfalls in your future projects.

This workshop is intended to run either on a Linux machine (Kali, Arch, Ubuntu, Debian, or similar will do, can be in a VM as well) or on a recent version of macOS. The workshop is intended for people that have previous professional PHP development experience, and preferably basic understanding of Linux OS, command line, and TCP/IP networking basics.


With your tutorial ticket you’ll get the following:

  • Tutorial from 09:00 – 12:20 (please be present in time)
  • A coffee and tea break
  • Lunch after the tutorial
  • Access to the full conference

Get your tickets now!