A full-day hands-on workshop where developers identify, exploit, and fix common injection vulnerabilities in web apps. Examples provided in Python, JavaScript, and .NET so participants can work in their preferred language.
Workshop Structure
Hour 1: SQL Injection (~50 min)
Intro, vulnerable app demo, exploitation lab, remediation implementation, Q&A.
Hour 2: Command Injection (~50 min)
Intro, vulnerable app demo, exploitation lab, remediation implementation, Q&A.
Hour 3: Command Injection & Cross-Site Scripting (XSS) (~55 min)
Intro, vulnerable app demo, "Eval is Evil" segment, exploitation lab, remediation implementation, Q&A.
Hour 4: Deserialization Vulnerabilities (~50 min)
Intro, vulnerable app demo, exploitation lab, remediation implementation, Q&A.
Hours 5–6: JWT Token Manipulation (~110 min)
Build it: JWT overview, common use cases, integrate a JWT in a web app. Break it: Exploit flaws like decode vs. verify, bad signing, token expiration, denial of service, wrong storage, leaking secrets. Fix it: Step-by-step remediation of exploited flaws.
Hour 7 (Bonus, time permitting)
Other injection techniques, including AI tooling injection.
Exercise Format:
Each section includes pre-configured app code in multiple languages, step-by-step exploitation instructions, example attack payloads, secure code templates, and verification methods.
Laptop required. All exercises run locally. Participants should complete the pre-distributed setup instructions beforehand; at minimum, Docker and git must be installed and working, along with one working language interpreter (ideally Python or JavaScript).

Wekoslav Stefanovski, Head of Development at Sourcico
Wekoslav Stefanovski has about two decades of professional developer experience using a variety of development technologies. He has been using C# since the first public beta and has a long and fruitful love relationship with it. He has been using JavaScript since the previous millennium and has a long and fruitful love/hate relationship with it. He currently works at Sourcico as Head of Development. He is passionate about functional programming, static code analysis, compiler design and code quality metrics.

Bozidar Spirovski, Chief Information Security Officer @ Blue dot and @ Sourcico. Founder @ BeyondMachines
Bozidar Spirovski has over 20 years of experience in cybersecurity. He believes that cybersecurity is not just about technology but is integral to every aspect of an organization. By working closely with teams, Bozidar aims to make cybersecurity features a standard part of product development. He also stresses the importance of leadership in fostering individual growth and providing consistent support. Bozidar has held significant roles in various companies. He is the Chief Information Security Officer at Blue dot and Sourcico, with previous tenure in SaaS startups as well as large enterprises in the banking, telco and energy sectors. At EVN, H4 and Blue dot he played a pivotal role in setting up the InfoSec organizations and in winning security approval from some of the largest companies in the world as customers. He also founded BeyondMachines, creating a cybersecurity threat awareness platform and mentoring engineering students.
Can’t find a specific topic you would love to see as a Masterclass? Reach out to us at tickets@wearedevelopers.com