Hackflix & Skill
Hackflix & Skill is an interactive security course, in which Buggy will guide you through the most common vulnerabilities we observed in real-world security tests, such as XML External Entity Attack, Privilege Escalation, Cross-Site Scripting, SQL Injection, Remote Code Execution and many more…
After hundreds of training sessions in all sizes of organizations, we came up with a completely new idea for building security awareness across project teams. Instead of doing one-shot workshops with developers on-site, we divide the knowledge into smaller portions with an added storyline.
What does this program look like?
The whole program is based on a TV series formula. There are 5 modules – we call them episodes. Each episode has its own story based on real-life examples of security issues that we have encountered in our daily work.
What is new is the fact that the participants can control the plot.
The students are involved in a dialogue with the character and solve exercises and quizzes to consolidate newly acquired knowledge. An interactive form of training allows for an engaging and modern way of consuming knowledge.
We will introduce your team to the hackers’ perspective, which will help them spot code weaknesses and significantly improve the security of the company and its products.
What do you get? – Training goals
- Awareness of real-life threats affecting companies
Each episode presents a vulnerability chain (known as a kill chain), which leads to disastrous consequences.
- Full involvement of participants thanks to a comprehensive interactive approach
This is not another boring training that can be quickly skipped by clicking “next” due to the lack of adjustment to the group.
- Showcase of the best practices based on the OWASP TOP 10
The course discusses many vulnerabilities from the OWASP TOP 10. We have selected examples which often appear in applications that we test.
- A simple way to train the entire department
You can buy access to Hackflix & Skill for a certain number of users, and we will handle the rest. The course can also be easily integrated with your learning management system so that anyone in your organization who has access to your LMS can get the training.
- Reduced true cost of employee training
Most courses have a hidden price – exclusion from work for a day or two. To solve this problem, we have shortened the duration to ~2h per episode, focusing on key topics only and dividing them into smaller fragments to enable learning at a convenient time.
Effective formula for the whole year
There are many aspects of security, and this may seem confusing at the beginning. Instead of overwhelming participants with knowledge, we decided to provide regular doses. That is a completely new approach to courses – and we believe this is the right way.
Consistency helps develop good habits.
We suggest unlocking an episode once every 3 months to keep developers’ minds stimulated over a longer period. In this way, you realistically increase the chances that good practices will become a permanent part of the software development process.
Each episode contains:
- vulnerability chains (kill chains) based on real penetration tests that we have carried out during over 19 years of providing security services all over the globe
- exercises with answers, containing good and bad code examples from which the participant must choose the correct one (based on real-world solutions)
- multiple choice questions and quizzes at the end of each episode summarizing the acquired knowledge
- a threat modeling session on the solution to the problems that will be the best fit for your organisation
All episodes are filled with technical content. Here, you can see the script of the first episode 👇
Bonus materials for developers:
We also did research among developers during many cybersecurity conferences we attended. Based on their needs, we have created handy materials for everyday use:
- Buggy’s 1010 – a set of short and useful tips for developers based on the most common security bugs found in all reports – it helps eliminate the biggest security bugs right at the beginning of the SDLC.
- Security Reference – a document containing enhanced references related to the 14 categories in the OWASP Application Security Verification Standard 4.0 – a carefully selected source of proven and reliable information.
Hackflix & Skill is available for teams starting from 30 members
To make sure everyone is keeping up with the material, the Hackflix & Skill course can be accessed through a special learning management platform. You can enroll users as well as track their progress.
Awareness is built over time, and the best way to do so is to understand the other party’s perspective. Hence, the main idea of the training is:
If you want a more extensive introduction to our training, feel free to book a call with us or simply leave a message – we will get back to you and tell you more about implementing security in your organization.