Mendix: hacking and securing

Target audience

This training is for: 

  • Mendix application developers 
  • Mendix application architects 
  • Mendix application testers 

Not sure if this training is for you? Contact us.

Content

During this workshop, participants learn hands-on the techniques hackers can use to attack Mendix applications and how to defend their applications as developers.

During this training you will learn: 

  • The concepts behind the Mendix security model  
  • Common mistakes and vulnerabilities in Mendix applications 
  • Methods to find/exploit vulnerabilities yourself in:
    • Data model / access rules 
    • Microflows 
    • REST/SOAP APIs 
    • Custom request handlers 
  • Guidelines on how to prevent vulnerabilities 

Relevance

Low code platforms like Mendix make it easier to develop applications: firstly, because developers do not need to write code themselves, and secondly, because these platforms take responsibility for certain security-sensitive functionality. We see daily that this gives developers a skewed perspective on the latter, leaving it unclear which responsibilities lie with the developers and which lie with the platform. Too often this leads to security breaches in the developed applications.

The S-Unit?

When you put on a hacker's glasses and attack a Mendix application, you are immediately confronted with the facts. As a result, the subject of “security” changes forever from a theoretical story to a tangible reality.   

Prior knowledge

For this training you will need to have basic experience with Mendix Studio Pro.  

Included

  • Training material 
  • Certificate of participation 

You need to bring

  • A laptop with the following software installed: 
    • Burp
    • Mendix Studio Pro (latest version) 

Theory

  • Basic theory web applications & web app hacking
  • Mendix security model and implementation
  • Attack surface Mendix applications
  • Common vulnerabilities
    • Rights configuration
    • Microflow implementation
    • UI vulnerabilities
    • REST/SOAP integrations
    • AppStore modules
    • Custom Java
  • Recognize and prevent

Practical exercises

  • Direct interaction with Mendix applications via JavaScript and HTTP
  • Enumeration of accessible data and functionalities in Mendix applications
  • Recognizing and exploiting common vulnerabilities through hack challenges

Dirk van Veen
Ethical Hacker & Founder - The S-Unit

Dirk van Veen is an ethical hacker and founder of The S-Unit with a master's degree in Computer Security. He started in 2011 as a penetration tester and within The S-Unit he is ultimately responsible for the technical side of all hacking and consultancy activities. Dirk enjoys exploring and finding vulnerabilities in new technologies, such as application frameworks, cloud platforms and low code solutions. In addition to his work at The S-Unit, Dirk regularly organizes hack competitions for Hack in the Box (2012-2019) and Platform for Information Security (2014-present) and he gives weekly ballroom dancing lessons to students in Amsterdam.

Adam Hartman
Ethical Hacker – The S-Unit

Adam Hartman is an ethical hacker originally from Sweden who moved to the Netherlands in 2020. He started working for The S-Unit the same year, and has been involved in testing Mendix applications on a regular basis. Adam greatly enjoys the challenge of finding and exploiting vulnerabilities in all kinds of computer systems. So much so, he spends a lot of his free time engaged in personal and group-based hacking competitions.

Training location

Online

Lunch

Lunch is not included in this training.

Start and end time

9:00 am to 5:00 pm CEST.

Language

The language of the training is always indicated. If you would like to follow the training in another language, please contact us. If there is sufficient interest, the training will also be offered in other languages.

 

Are you missing information or do you have special wishes?

Send an email to [email protected] and we will contact you!

5 Reviews (4.8 out of 5)

Lucas Hijman - Linden IT
Mendix trainee
4

I definitely recommend this workshop. The course leader points out loads of (sometimes confronting) methods a Mendix application can be used in unintended ways. Thus, with making a secure application, there are certain mindsets you need to adapt. The interactiveness is very fun. Especially in the morning and at the very end of the afternoon. However, distribution over the day could be a bit better (so also early afternoon).

Koen Freriks - KWEEKERS
Software Architect
5

Would recommend this to anyone who is building Mendix applications. I would suggest having at least your Intermediate or advanced certificate in order to get the most out of this training. This is a very practical and insightful training on security in general and how this carries over to Mendix applications. Creating lots of custom-made applications with Mendix increases the speed at which we introduce vulnerabilities. This training provides very practical lessons which you can apply to find vulnerabilities in your own applications. After this, it was easy for me to share the knowledge internally to increase everyone's capacity to build more secure applications. It helped form new principles within our team to build more secure apps.

Oskar Oja - Processa Technologies
Lead developer
5

Very comprehensive and interactive training. A lot of new topics were introduced, like how Mendix has implemented its security features and where the line is drawn with app security when it comes to built-in functionalities. Also some real-life cases were introduced that will help you to look through your own apps for vulnerabilities and think of ways how these kinds of attacks may happen and be prevented. Recommend it to everybody who works with Mendix, since it's an important part of keeping the app secure. With ease of app creation with Mendix these mistakes are easy to come without you knowing about it so it is easy to get ahead.

Max Luinge - ZZP
Mendix developer
5

As a Mendix developer you do not always realize what is actually happening deep under the hood and what is possible, but this training makes this very clear to you.

Peter van Oers - ZLTO
Information management specialist
5

Hard, interesting and educational (and even more to learn). A lot to take into account when building a Mendix app. A day well spent!


Practical information

Duration

1 day

Dates 2024

4 June

15 July

9 October

26 November

Time

9:00 am to 5:00 pm CEST

Costs

€875,- (excl. VAT)

Language

English

See tab "more information"

Location

Online

