The S-Unit

Mendix: hacking and securing

Target audience

This training is for: 

  • Mendix application developers 
  • Mendix application architects 
  • Mendix application testers 

Not sure if this training is for you… contact us.

 

Content

During this workshop, participants learn hands-on the techniques hackers can use to attack Mendix applications, and how to defend their applications as developers.

During this training you will learn: 

  • The concepts behind the Mendix security model  
  • Common mistakes and vulnerabilities in Mendix applications 
  • Methods to find/exploit vulnerabilities yourself in
    • Data model / access rules 
    • Microflows 
    • REST/SOAP APIs
    • Custom request handlers 
  • Guidelines on how to prevent vulnerabilities 

 

Relevance

Low-code platforms like Mendix make it easier to develop applications: first, because developers do not need to write code themselves, and second, because these platforms take responsibility for certain security-sensitive functionality. We see daily that this gives developers a skewed perspective on the latter, leaving it unclear which responsibilities lie with the developers and which lie with the platform. Too often this leads to security breaches of the developed applications.

 

The S-Unit?

When you put on a hacker's glasses and attack a Mendix application, you are immediately confronted with the facts. As a result, the subject of “security” changes forever from a theoretical story to a tangible reality. 

  

Prior knowledge

For this training you will need to have basic experience with Mendix Studio Pro.

  

Included

  • Training material 
  • Certificate of participation 

 

You need to bring

  • A laptop with the following software installed: 
    • Burp
    • Mendix Studio Pro (latest version) 

Theory

  • Basic theory web applications & web app hacking
  • Mendix security model and implementation
  • Attack surface Mendix applications
  • Common vulnerabilities
    • Rights configuration
    • Microflow implementation
    • UI vulnerabilities
    • REST/SOAP integrations
    • AppStore modules
    • Custom Java
  • Recognize and prevent

 

Practical exercises

  • Direct interaction with Mendix applications via JavaScript and HTTP
  • Enumeration of accessible data and functionalities in Mendix applications
  • Recognizing and exploiting common vulnerabilities through hack challenges

 

Dirk van Veen
Ethical Hacker & Founder - The S-Unit

Dirk van Veen is an ethical hacker and founder of The S-Unit with a master's degree in Computer Security. He started in 2011 as a penetration tester and within The S-Unit he is ultimately responsible for the technical side of all hacking and consultancy activities. Dirk enjoys exploring and finding vulnerabilities in new technologies, such as application frameworks, cloud platforms and low code solutions. In addition to his work at The S-Unit, Dirk regularly organizes hack competitions for Hack in the Box (2012-2019) and Platform for Information Security (2014-present) and he gives weekly ballroom dancing lessons to students in Amsterdam.

Training location

Online

 

Lunch

Lunch is not included in this training.

 

Start and end time

9:00 am to 5:00 pm CEST.

 

Language

The language of the training is always indicated. If you would like to follow the training in another language, please contact us. If there is sufficient interest, the training will also be offered in other languages.

 

Are you missing information or do you have special wishes?

Send an email to [email protected] and we will contact you!

Practical information
Duration
1 day
Time
9:00 am to 5:00 pm CEST
Costs

€975,- (excl. VAT)

Language
English
Location
Online
Dates 2025

  • Thursday 19 Jun
  • Friday 29 Aug
  • Friday 12 Sep
  • Monday 15 Sep
  • Wednesday 24 Sep
  • Thursday 02 Oct
  • Wednesday 19 Nov
  • Friday 28 Nov