Micro Talk (5 minutes):

hackbases - journey to off the grid


Michał Stefanów (michalstefanow.com), Michal Stefanow Ltd

Slides: bit.ly/hackbases


The hackbase started as “Cyberhippietotalism” or “CHT#1” in 2011. After 3 years as a rented house, the second version of the base restarted in November 2014, as an off-grid camp & research initiative, scheming to buy first plot of land and settle in the same area: north of Lanzarote, Canary Islands.

1st Talk (short)

Multi-Vectored Web Application Exploitation


Freddie Barr-Smith


In this talk I aim to give a practical introduction to basic web application exploitation. Attack vectors such as browser hacking, cross-site scripting and SQL injection are often demeaned. There are many critical services contained within the application layer such as online banking, social networking and email. The vast majority of vulnerabilities found nowadays are injection or XSS based and it is possible to leverage access gained via application-layer attacks.

2nd Talk (long)

OWASP mobile top ten


Paco Hope (@pacohope), Cigital

Paco Hope is a security consultant at Cigital who has helped software firms secure their software for nearly 15 years in a variety of industries like financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook. He helps (ISC)² develop the Certified Secure Software Lifecycle Professional (CSSLP) and CISSP certifications.


OWASP’s Mobile Top Ten (MTT) Risks project has been around for a few years and has changed shape several times during those years. In 2015 we’re remaking it with reference data from several security consultancies. Paco Hope is helping to shape the 2015 version of the MTT and will share where it has been, where it is, and where it’s going. More info is available at: OWASP Top 10 Mobile Risks