My first security hackathon
Last Friday, I participated in my first security hackathon. Whiteaway held it because the company wanted to focus on cybersecurity. It’s essential for us, for the company, for clients. Here are a few points I want to mention from the hackathon.
We started the hackathon with a small presentation. First, our lead developer from the Platform team presented what he wanted from the session.
The ideation phase focused on attack vectors and surfaces. We spent a big chunk of our time identifying and discussing cybersecurity issues.
It was a good session. I was surprised how quickly a few people could develop some great ideas in a room.
Once the team did that, we moved to the practical side. Every person could pick an area he was interested in, for example, network or web application security.
I chose web application security. I spent my time trying all sorts of tools and scanning our internal web applications. I tried Kali Linux, but I couldn’t find a good flow due to a shortage of time, and the scanning results were a mess.
My QA colleague suggested I look into OWASP ZAP. I was amazed to discover such an easy tool with great UI and other features. I was up and running in no time.
When the first vulnerability results came in, I evaluated and assessed the situation. Of course, it’s hard when you don’t have experience and are still learning the ropes. However, one must be very cautious about considering the risk when determining things. Just because you saw something on a screen doesn’t mean it’s game over. Double-check it. Talk to your colleagues. Discuss it.
At the end of the hackathon, we learned something new: for example, how to use cybersecurity tools, develop attack vectors and surfaces, and be a good participant. In addition, we made our findings internally available. We will continue with this initiative.