brand

Hackalong

An Application Security Training Workshop

Your team will "hack along" with ISE security analysts to explore how hackers find and exploit vulnerabilities within web applications. 

Learn More
Image uploaded from iOS (7) (1)

What is a Hackalong?

This application security training workshop, developed by ISE, provides developers with a hands-on lab that enhances their understanding of how hackers find and exploit vulnerabilities.

Led by ISE security analysts, your team will "hack along" as we demonstrate how hackers find vulnerabilities within code in order to exploit them for their own gain.

By seeing first-hand an app that is vulnerable, your developers will learn how to find the broken parts, and then discuss how products need to be remediated in order to make them better and more secure.

Hack Along in a Web Application Built for Hands-on Training

The source material for this workshop is a vulnerable web app developed by ISE. Each workshop participant is given access to a private instance of the Hackalong web app and follow the ISE analysts who demonstrate how to identify vulnerabilities.

Attendees then have time to work independently to discover as many of the 40+ vulnerabilities in the Hackalong web app.

The workshop includes group discussion on how to mitigate the vulnerabilities discovered.

After attending this workshop, your team will have a greater appreciation for how to identify issues so that they can be prevented during the build of your product.

Learn More
Screen Shot 2021-03-22 at 11.57.26 AM

How Hackalong Works

1. Exploit

Follow along with ISE's "ethical hackers" to find and exploit vulnerabilities.

2. Practice

Practice at finding other vulnerabilities in your dedicated vulnerable application instance.

3. Discuss

Gain real-world insight through group discussion on how to best prevent the vulnerabilities discovered. 

4. Prevent

Apply this knowledge to aid in your company's application security skills.

What Your Team Will Discover...

The Hackalong provides your team a collaborative learning environment that helps them practice the skills they need to recognize real-world risks present in a web applications. Our security analysts guide them through the process of manually identifying vulnerabilities including those listed on OWASP.

The following types of vulnerabilities can be discovered within the Hackalong web application:

 

  • Injection issues
  • Session management
  • Cross-site request forgery (CSRF)
  • Log spoofing
  • Sensitive data disclosures
  • Improper information exposures
  • Improper password management
  • Unvalidated redirects and forwards

 

  • Out of date libraries
  • Broken access controls
  • Broken asset deletion functionality
  • Improper use of HTTP methods
  • HTTP hardening headers misconfiguration
  • CORS misconfiguration
  • Missing cookie attributes
  • Insecure asset caching

Learn More
application workshop

Frequently Asked Questions

Is the Hackalong a formal training?
The Hackalong should be thought of as a workshop. The goal is to create a learning environment that is both collaborative and fun. Participants will spend a significant portion of time doing hands-on hacking.
How long is the Hackalong?
The minimum amount of time required is 3 hours. The maximum amount of time depends on your goals and training budget. Most workshops are between 3 and 4 hours in duration.
Do I need to have any prior hacking experience?
Experience with HTTP, HTML, and JavaScript is beneficial, but no prior hacking skills are required. A positive attitude and a fun spirit will enhance the experience.
Who will get the most out of this workshop?
People responsible for software development who want to gain more experience with practical  application security concepts. 
How does this workshop align with your company's training budget?
Length of the session, how many attendees you will have, and the topics you want included all factor into the cost of the workshop. In general, based on the average size and length of past trainings, your business can anticipate a budget of around $10,000 for a 3-hour session.

What Hackalong Participants Say

Steven Z.

CTO - Jahnel Group

“There is a difference between studying and doing. You can read all the documentation and watch all the videos you want but nothing replaces actual hands-on experience. The folks over at ISE came in to facilitate our first ever Hack Tuesday event! These badasses walked us through how to think like a hacker and provided an environment for us to tear apart. ISE set up an incredible experience for our team.”

 

Chris

Senior Engineer

“It was super fun, interactive, and engaging as my colleagues and I had those legendary “I’m in!” moments and learned so much along the way. Would absolutely recommend it for any dev team wanting to up their security game.”

 

Ian

Senior Engineer

“Hack-a-Long was a great experience. I had no previous experience coming into it and learning from the experts at ISE was amazing. These guys are next level. 10/10”

 

Your Journey to Security Excellence Begins Here
Signup for a Hackalong

Our security analysts guide your team through the concepts of exploitation used by adversaries.

Get Started

Hackalong Matches Your Needs with Our Hacker Mindset

As experts in performing application security penetration testing, ISE leveraged our experience and turned it into a workshop that helps build security into the development process.

Here's how that methodology aligns with the needs of security teams:

  • You need expertise specific to your security problems. We are a team of subject matter experts and specialists.
  • You need someone who’s done it. We are security researchers.
  • You need to find and fix vulnerabilities. We maximize that through collaborative, white box methodology.
  • You need to understand your attacker. Our model is to think just like them.
  • You need to prove ROI. Our job isn’t done until you are measurably better.
  • You need this to be easier. Our customers love us for being easy to work with, super flexible, and so reliable that they don’t have to worry.
  • You have principles and so do we. If our core values resonate with you, then you will succeed with ISE, because these drive every single thing we do, every single day.

By the end of the workshop, your developers will have a greater understanding application security risks and how to avoid them, through a methodology that helps businesses gain a competitive edge, earn trust, and win sales.

ISE_mceu0sk69st02xr4zj0d1tepyv31upy703_5028

A Hackalong Grows Your Team's Skills to Do Application Security Right

The security analysts leading our Hackalong workshop are the same leaders helping some of the largest companies in the world change their mindset when it comes to application security and building security into the development process. It's a different approach, and when done right, one that unifies teams towards the journey for security excellence.   

Our Work Has Been Featured In...

cbs-news
dark-reading-small
the-baltimore
ara-technica-small
cso
computer-world

Improve you team's application security skills
Signup for a Workshop

The Hackalong is an fun hands-on and collaborative session between your team and our security analysts

Get Started

Complete the Form to Learn More or Schedule a Hackalong

Privacy Policy