Michal Špaček

I build web applications and I'm into web application security. I like to speak about secure development. My mission is to teach web developers how to build secure and fast web applications and why. (more about me, contact)

My trainings

And this is what they say about them: Originally, I've arranged Michal's training primarily for my colleagues because "of course I already know these things"... Michal has changed my mind in the first hour of the first day and continued to do so for the whole two days. Thanks to this training I finally understood some of the attack/defense concepts in full depth, and especially in the right context. — Jan Pospíšil, Senior PHP developer, Czech Radio

Public trainings

Come to my public trainings, everybody's welcome:

HTTPS for developers and admins December 8–9, 2020 remoteafternoons
PHP application security December 14–17, 2020 remoteafternoons

Trainings in Prague (or remote) are held regularly in the middle of March, June, September, and December, in other cities irregularly.

In-house trainings

Any public training can also be turned into an in-house training. As an extra, I offer these in-house-only courses:

Security for users

Looking for Introduction to PHP, Classes and objects in PHP? I've handed them over to Martin Hujer. I've discontinued Web application performance, Martin Michálek runs a similar training.

My articles

Don't let security bugs catch you off guard

November 9, 2020

Nette, PHP, RCE, CVE, GitHub, Dependabot, Composer, PHPStan

At the end of August, a critical security bug was discovered and immediately fixed in one of the popular PHP frameworks, Nette. Although the author of the framework, David Grudl, did everything possible, some did not learn about the bug in time and did not update their sites and web apps. Let me tell you a few tips not only for PHP, that will help you to know about similar problems as soon as possible.

June 9, 2020

training, security, PHP, HTTPS

I'm organizing another round of my training, this time remotely. Afternoons, for half of the regular price.

March 7, 2020

HTTPS, TLS, certificates, revocation, OCSP, SSL Labs, OpenSSL, crt.sh

Browsers mostly don't check whether a HTTPS certificate has been revoked so maybe you'd like to do it manually. There are a few ways how to query an Online Certificate Status Protocol (OCSP) server so let's see some of them. You'll need a browser (and the openssl tool).

(read more…)

All articles

My talks

Favorites

HTTP hlavičky, Subresource Integrity a spol. chrání vaše návštěvníky před bezpečnostními chybami
XSS PHP CSP ETC OMG WTF BBQ, o Cross-Site Scriptingu a Content Security Policy
Hlava není na hesla, použijte na ně raději password manager
HTTPS, co, proč, jak, zač, nač, kdy, kde, s kým a proti komu
Webová bezpečnost, popis několika základních útoků i méně známých triků
Jak jsme zlepšili zabezpečení Slevomatu a jak byste měli udělat to samé
Zahashovat heslo, uložit, …, profit!, o správném hashování hesel

Upcoming talks

…at your event or conference, let me know!

Talks

Novinky v browserech z pohledu bezpečnosti
November 11, 2020, JavaDays 2020 (60 minutes)

Hacknul jsem vás, ale v pohodě
November 6, 2020, LAW FIT Kyberbezpečnost (25 minutes)

Co nového v browserech (z pohledu bezpečnosti)
October 3, 2020, LinuxDays 2020 (50 minutes)

Vyhledávejte na netu jako MacGyver
February 14, 2020, Seminář o kybernetické bezpečnosti (50 minutes)

Defense in Depth
November 27, 2019, 5th #DevopsPilsen (30 minutes)

All talks

Me answering questions

Engage in Continual Learning to Advance your IT Career
May 3, 2019, IT Career Energizer

Michal Špaček z Report URI o smyslu práce, potenciálu i prokrastinaci
January 15, 2019, StartupJobs

Blokování webů a stránek
June 4, 2016, Český rozhlas Online Plus

Na 11. srazu Na volné noze
June 4, 2016, 11. sraz Na volné noze

Webový vývojář musí mít hackerské myšlení
May 30, 2016, Kyberbezpečnost.cz

All interviews