Michal Špaček
I build web applications and I'm into web application security. I like to speak about secure development. My mission is to teach web developers how to build secure and fast web applications and why. (more about me, contact)
My trainings
Public trainings
Come to my public trainings, everybody's welcome:
- PHP application security December 11–12, 2018 Prahanow 2 days
- HTTPS for developers and admins December 13, 2018 Praha
Trainings in Prague are held regularly in the middle of March, June, September, and December, in other cities irregularly.
In-house trainings
Any public training can also be turned into an in-house training. As an extra, I offer these in-house-only courses:
Looking for Introduction to PHP, Classes and objects in PHP? I've handed them over to Martin Hujer. I've discontinued Web application performance, Martin Michálek runs a similar training.
My articles
Just a few weeks ago, a new regional transportation system called Lítačka (a slang word for prepaid municipal transportation ticket used in some parts of the Czech Republic) was put into operation in Prague and the Central Bohemian Region. The system allows passengers to buy tickets in a mobile application, passengers can also pair their tickets with their payment cards so the validity of the prepaid ticket can later be checked by waving the card near random card readers in transportation vehicles. You could also steal a password reset link right from the unsuspecting user's browser.
Chrome started marking all HTTP websites as Not secure yesterday (on my birthday, what a gift!) with their release of Chrome 68. The treatment is not a red warning yet, just a gray (i). And there's a lot of busy czech websites getting that treatment. And how did we get here anyway and what's next?
I joined Report URI, the real-time security reporting tool, a year ago. In fact, my first code change was June 27, 2017. Since then I've added 709,402 more lines. And deleted 1,981,599 lines.
My talks
Favorites
- HTTP hlavičky, Subresource Integrity a spol. chrání vaše návštěvníky před bezpečnostními chybami
- XSS PHP CSP ETC OMG WTF BBQ, o Cross-Site Scriptingu a Content Security Policy
- Hlava není na hesla, použijte na ně raději password manager
- HTTPS, co, proč, jak, zač, nač, kdy, kde, s kým a proti komu
- Webová bezpečnost, popis několika základních útoků i méně známých triků
- Jak jsme zlepšili zabezpečení Slevomatu a jak byste měli udělat to samé
- Zahashovat heslo, uložit, …, profit!, o správném hashování hesel
Upcoming talks
Vyhledávání na Internetu pomocí specializovaných vyhledávačů
September 26, 2018, CyberCon Brno 2018 (60 minutes)
Cracking passwords, or why use password_hash()
October 28, 2018, phpCE 2018 (50 minutes)
Úniky dat, co to vůbec je a jak na ně reagovat
November 15, 2018, WebTop100 2018 (25 minutes)
I'll happily do a talk at your event or conference, let me know!
Talks
XSS PHP CSP ETC OMG WTF BBQ
June 27, 2018, Madeo Office Opening Party (60 minutes)
Everything is User Input
June 23, 2018, PHP Prague (20 minutes) 📃
Bezpečnost prakticky a na vlastní kůži
April 19, 2018, Partnerské setkání TechData (120 minutes)
“Hlavně si to heslo nikam nepište”
April 13, 2018, Outlaw 2018 (20 minutes)
Vyhledávejte na netu jako MacGyver
March 10, 2018, AimtecHackathon 2018 (45 minutes) 📃
Me answering questions
Blokování webů a stránek
June 4, 2016, Český rozhlas Online Plus ♫
Na 11. srazu Na volné noze
June 4, 2016, 11. sraz Na volné noze ►
Webový vývojář musí mít hackerské myšlení
May 30, 2016, Kyberbezpečnost.cz
Hlavní je používat hlavu, ale ne na hesla
May 3, 2016, Host Radiožurnálu ♫
Jak zvýšit zabezpečení vašeho webu?
February 17, 2016, MladýPodnikatel.cz ♫ ►