What happens when you look at your code through an attacker’s eyes?

In this workshop, we’ll build a small web application together — then break it using common attack techniques. Along the way, I’ll show how small shortcuts in code can turn into serious vulnerabilities, and more importantly, how to fix them quickly.

You’ll see:

How insecure input handling leads to bugs like XSS (and how to stop it).

Why broken authentication and access controls are developer landmines.

How APIs often leak more than intended — and how to secure them.

This is a demo-driven session, designed to give developers practical experience with both sides: writing insecure code, exploiting it, and patching it the right way.

You’ll leave with a hacker’s perspective on your applications, a simple checklist for secure development, and a starter repo you can use to practice after the event.