What is a Hackalong?
This application security training workshop, developed by ISE, provides developers with a hands-on lab that enhances their understanding of how hackers find and exploit vulnerabilities.
Led by ISE security analysts, your team will "hack along" as we demonstrate how hackers find vulnerabilities within code in order to exploit them for their own gain.
By seeing first-hand an app that is vulnerable, your developers will learn how to find the broken parts, and then discuss how products need to be remediated in order to make them better and more secure.
Hack Along in a Web Application Built for Hands-on Training
The source material for this workshop is a vulnerable web app developed by ISE. Each workshop participant is given access to a private instance of the Hackalong web app and follow the ISE analysts who demonstrate how to identify vulnerabilities.
Attendees then have time to work independently to discover as many of the 40+ vulnerabilities in the Hackalong web app.
The workshop includes group discussion on how to mitigate the vulnerabilities discovered.
After attending this workshop, your team will have a greater appreciation for how to identify issues so that they can be prevented during the build of your product.
How Hackalong Works
What Your Team Will Discover...
The Hackalong provides your team a collaborative learning environment that helps them practice the skills they need to recognize real-world risks present in a web applications. Our security analysts guide them through the process of manually identifying vulnerabilities including those listed on OWASP.
The following types of vulnerabilities can be discovered within the Hackalong web application:
- Injection issues
- Session management
- Cross-site request forgery (CSRF)
- Log spoofing
- Sensitive data disclosures
- Improper information exposures
- Improper password management
- Unvalidated redirects and forwards
- Out of date libraries
- Broken access controls
- Broken asset deletion functionality
- Improper use of HTTP methods
- HTTP hardening headers misconfiguration
- CORS misconfiguration
- Missing cookie attributes
- Insecure asset caching
Frequently Asked Questions
What Hackalong Participants Say
CTO - Jahnel Group
“There is a difference between studying and doing. You can read all the documentation and watch all the videos you want but nothing replaces actual hands-on experience. The folks over at ISE came in to facilitate our first ever Hack Tuesday event! These badasses walked us through how to think like a hacker and provided an environment for us to tear apart. ISE set up an incredible experience for our team.”
“It was super fun, interactive, and engaging as my colleagues and I had those legendary “I’m in!” moments and learned so much along the way. Would absolutely recommend it for any dev team wanting to up their security game.”
“Hack-a-Long was a great experience. I had no previous experience coming into it and learning from the experts at ISE was amazing. These guys are next level. 10/10”
Hackalong Matches Your Needs with Our Hacker Mindset
As experts in performing application security penetration testing, ISE leveraged our experience and turned it into a workshop that helps build security into the development process.
Here's how that methodology aligns with the needs of security teams:
- You need expertise specific to your security problems. We are a team of subject matter experts and specialists.
- You need someone who’s done it. We are security researchers.
- You need to find and fix vulnerabilities. We maximize that through collaborative, white box methodology.
- You need to understand your attacker. Our model is to think just like them.
- You need to prove ROI. Our job isn’t done until you are measurably better.
- You need this to be easier. Our customers love us for being easy to work with, super flexible, and so reliable that they don’t have to worry.
- You have principles and so do we. If our core values resonate with you, then you will succeed with ISE, because these drive every single thing we do, every single day.
By the end of the workshop, your developers will have a greater understanding application security risks and how to avoid them, through a methodology that helps businesses gain a competitive edge, earn trust, and win sales.
A Hackalong Grows Your Team's Skills to Do Application Security Right
The security analysts leading our Hackalong workshop are the same leaders helping some of the largest companies in the world change their mindset when it comes to application security and building security into the development process. It's a different approach, and when done right, one that unifies teams towards the journey for security excellence.