Making your website vulnerable for fun and security awareness

What if you could understand the consequence of a vulnerability in your web application before it is introduced? As part of our security awareness month, our company website was cloned and several vulnerablities were intentially introduced. We then let a selection of our developers attack our website in order to have them see our website from the attacker’s point of view. This presentation will demonstrate the methodology used, how the methodology was applied as well as advantages in running a capture the flag event in the context of your company’s own website. Kenny Jansson Kenny is a Security Manager in Storebrand and is responsible for ensuring security in digital business development. This involves increasing web application security awareness amongst developers in the organization. With several years of experience in penetration testing, Kenny aims to aid Storebrand's developers in understanding both the offensive and defensive perspectives of web application security.