Scott Helme

Workshop: “Hack Yourself First” with Scott Helme


3rd floor, room M3.7,
Hack Kampmanns Pl. 2,
8000 Aarhus C.


08:30 Doors open
09:00 Workshop start
17:00 Workshop end

08:30 Doors open
09:00 Workshop start
17:00 Workshop end

Both days Destination AARhus will serve a light breakfast, lunch, coffee/tea, water and some refreshments.


This is a security workshop that teach technology professionals how to break into their own applications – before someone else does.

Online attacks have become a reality of running software on the web today. We find ourselves under a constant barrage of malicious activity from hacktivists, online criminals and increasingly, nation states. Successful attacks from these adversaries are predominantly via flaws in the software products they target – flaws that could have been prevented by developers understanding how online attackers work and what the appropriate defensive measures are.

Workshop abstract

“Hack Yourself First” is all about building up defensive skills in software developers. It looks at security from the attacker’s perspective and takes them through the steps necessary to exploit vulnerable software on the web so that they can experience hacking first hand. Workshop participants are set specific goals they must complete that involve probing for risks and then exploiting discrete vulnerabilities in a specially built vulnerable application. The interactive nature of the workshop means that multiple attack vectors are usually identified across the spectrum of participants and each person contributes their own unique perspective as to how specific risks are exploited.

The objective of the workshop is that each person walks away with demonstrated experience across a broad spectrum of specific risks. They not only learn about but also demonstrate practical experience across a range of different vulnerabilities targeted to the specific needs of the group.

What will the attendees learn? 

Obviously they’ll get taught the mechanics of each of these risks and of course the defensive patterns required to defend against them. But more than that, they get exposed to how to thinkabout security; how to apply it in depth via multiple defences, how to choose appropriate controls based on the specific risk of the feature and how to have the discussion about what makes sense in different circumstances.

Above all though, security is just one factor in delivering working software and it has to be applied appropriately. Sometimes it comes with a trade-off against usability or cost and decisions have to be made about not what’s just most secure, but what’s in the overall best interests of the product being built. This workshop helps those who attend have the right discussions about when and where to invest in security.

Speaker Bio

Scott Helme is a security researcher, consultant and international speaker. He can often be found talking about web security and performance online and helping organisations better deploy both.

 Founder of report-uri.io, a free CSP report collection service, and securityheaders.io, a free security analyser, Scott has a tendency to always be involved in building something new and exciting.

Who is the target for this workshop?

Scott makes developer-centric workshops that focus on presenting security in a way that resonates with a mixture of software developers, security professionals, testers and technology management.

The training is platform agnostic; whether you’re working in ASP.NET, PHP, Node or anything else sending angle brackets over HTTP, the workshop modules are equally relevant.

Limited to 30 participants – to keep the number high enough to get robust group discussion going and low enough to ensure Scott can provide individual support as required.

If you sign up for the workshop you are expected to participate in both workshop days: June 21st AND June 22nd

Deadline for registration: June 14th

This workshop is now fully booked and closed for registrations. 

If you have signed up for the workshop but is unable to attend after all please write an email to: Maria_thing@destinationaarhus.com