Mendix: hacking and securing

 

Target audience

This training is for: 

  • Mendix application developers 
  • Mendix application architects 
  • Mendix application testers 

Not sure if this training is for you… contact us.

Content

During this workshop, participants learn hands-on the techniques hackers can use to attack Mendix applications, and how to defend their own applications as developers.

During this training you will learn: 

  • The concepts behind the Mendix security model  
  • Common mistakes and vulnerabilities in Mendix applications 
  • Methods to find/exploit vulnerabilities yourself in:
    • Data model / access rules
    • Microflows
    • REST/SOAP APIs
    • Custom request handlers 
  • Guidelines on how to prevent vulnerabilities 

Relevance

Low-code platforms like Mendix make it easier to develop applications: firstly because developers do not need to write code themselves, and secondly because these platforms take responsibility for certain security-sensitive functionality. We see daily that this gives developers a skewed perspective on the latter, leaving it unclear which responsibilities lie with the developers and which lie with the platform. Too often this leads to security breaches in the developed applications.

The S-Unit?

When you put on a hacker's glasses and attack a Mendix application, you are immediately confronted with the facts. As a result, the subject of “security” changes forever from a theoretical story to a tangible reality.   

Prior knowledge

For this training you will need to have basic experience with Mendix Studio Pro.  

Included

  • Training material 
  • Certificate of participation 

You need to bring

  • A laptop with the following software installed: 
    • Burp
    • Mendix Studio Pro (latest version) 

 

Theory

  • Basic theory of web applications & web app hacking
  • Mendix security model and implementation
  • Attack surface of Mendix applications
  • Common vulnerabilities
    • Rights configuration
    • Microflow implementation
    • UI vulnerabilities
    • REST/SOAP integrations
    • AppStore modules
    • Custom Java
  • Recognize and prevent

Practical exercises

  • Direct interaction with Mendix applications via JavaScript and HTTP
  • Enumeration of accessible data and functionalities in Mendix applications
  • Recognizing and exploiting common vulnerabilities through hack challenges

 

Dirk van Veen
Ethical Hacker & Founder - The S-Unit

Dirk van Veen is an ethical hacker and founder of The S-Unit with a master's degree in Computer Security. He started in 2011 as a penetration tester and within The S-Unit he is ultimately responsible for the technical side of all hacking and consultancy activities. Dirk enjoys exploring and finding vulnerabilities in new technologies, such as application frameworks, cloud platforms and low code solutions. In addition to his work at The S-Unit, Dirk regularly organizes hack competitions for Hack in the Box (2012-2019) and Platform for Information Security (2014-present) and he gives weekly ballroom dancing lessons to students in Amsterdam.

 

Training location

Online

Lunch

Lunch is not included in this training.

Start and end time

9:00 am to 5:00 pm CEST.

Language

The language of the training is always indicated. If you would like to follow the training in another language, please contact us. If there is sufficient interest, the training will also be offered in other languages.

 

Are you missing information or do you have special wishes?

Send an email to [email protected] and we will contact you!

Practical information

  • Duration: 1 day
  • Time: 9:00 am to 5:00 pm CEST
  • Costs: €875,- (excl. VAT)
  • Language: English
  • Location: Online

Dates 2024

  • Thursday 12 Sep
  • Tuesday 12 Nov
  • Tuesday 19 Nov
  • Tuesday 26 Nov

Reviews

Peter van Oers - Information Security Specialist (ZLTN)
18 March 2023
Hard, interesting and educational (and even more to learn). A lot to take into account when building a Mendix app. A day well spent!

Max Luinge - Mendix Developer
28 March 2023
As a Mendix developer you do not always realize what is actually happening deep under the hood and what is possible, but this training makes this very clear to you.

Oskar Oja - Lead Developer (Processa Technologies)
29 March 2023
Very comprehensive and interactive training. A lot of new topics were introduced, like how Mendix has implemented its security features and where the line is drawn with app security when it comes to built-in functionalities. Also, some real-life cases were introduced that will help to look in your own apps for vulnerabilities and think of ways these kinds of attacks may happen and be prevented. Recommend it to everybody who works with Mendix, since it's an important part of keeping the app secure. With the ease of app creation with Mendix, these mistakes are easy to come without you knowing about it so it is easy to get ahead.

Koen Freriks - Software Architect (KWEEKERS)
16 June 2023
Would recommend this to anyone who is building Mendix applications. I would suggest having at least your Intermediate or Advanced certificate in order to get the most out of this training. This is a very practical and insightful training on security in general and how this carries over to Mendix applications. Creating lots of custom-made applications with Mendix increases the speed at which we introduce vulnerabilities. This training provides very practical lessons which you can apply to find vulnerabilities in your own applications. After this, it was easy for me to share the knowledge internally to increase everyone’s capacity to build more secure applications. It helped form new principles within our team to build more secure apps.

Lucas Hijman - Mendix Trainee (Linden IT)
20 June 2023
I definitely recommend this workshop. The course leader points out loads of (sometimes confronting) methods a Mendix application can be used in unintended ways. Thus, with making a secure application, there are certain mindsets you need to adapt. The interactiveness is very fun. Especially in the morning and at the very end of the afternoon. However, distribution over the day could be a bit better (so also early afternoon).