Making your website vulnerable for fun and security awareness

BSidesLV 2019

Presented by: Kenny Jansson
Date: Wednesday August 07, 2019
Time: 10:00 - 10:25
Location: Proving Ground

What if you could understand the consequence of a vulnerability in your web application before it is introduced? As part of our security awareness month, our company website was cloned and several vulnerabilities were intentionally introduced. We then let a selection of our developers attack our website in order to have them see our website from the attacker’s point of view. This presentation will demonstrate the methodology used, how the methodology was applied, as well as the advantages of running a capture the flag event in the context of your company’s own website.

Kenny Jansson

Security Manager at the Norwegian Insurance Corporation Storebrand, responsible for ensuring security in digital services and increasing web application awareness, working closely with developers and DevOps teams. Previously a Cyber Threat Management consultant at EY, leading teams in penetration testing engagements. Holder of multiple certifications including GXPN, GWAPT, GPEN, OSCP.

