Michal Špaček
My trainings
And this is what they say about them: Originally, I've arranged Michal's training primarily for my colleagues because "of course I already know these things"... Michal has changed my mind in the first hour of the first day and continued to do so for the whole two days. Thanks to this training I finally understood some of the attack/defense concepts in full depth, and especially in the right context. — Jan Pospíšil, Senior PHP developer, Czech Radio
Public trainings
Come to my public trainings, everybody's welcome:
- PHP application security September 24–25, 2019 Praha2 days
- HTTPS for developers and admins September 26, 2019 Praha
Trainings in Prague are held regularly in the middle of March, June, September, and December, in other cities irregularly.
In-house trainings
Any public training can also be turned into an in-house training. As an extra, I offer these in-house-only courses:
Looking for Introduction to PHP, Classes and objects in PHP? I've handed them over to Martin Hujer. I've discontinued Web application performance, Martin Michálek runs a similar training.
My articles
Top 10 coffee brands based on how much their names are used as passwords. Look, not every password research has to be meaningful.
Yesterday, Google announced yet another Security Key to be used for two-factor authentication (2FA, sometimes 2-step verification, 2SV) for Google's services. This one is built directly into Android 7+ so you may already have it in your pocket. It uses Bluetooth (but pairing isn't required) and currently works only in Chrome and Chromium-based browsers – Google says it's a beta version. And that's basically all we know about it. I use 2FA where possible, I recommend using it whenever possible so I just had to try it.
Yesterday I checked Czech websites in “Collection #1” and others (like “Collection #2” to “Collection #5”, “BigDB”), today I've checked Slovak sites. We're neighboring countries and historically have a lot in common, many Czech users have accounts on Slovak sites as well, so it seemed like a good idea.
My talks
Favorites
- HTTP hlavičky, Subresource Integrity a spol. chrání vaše návštěvníky před bezpečnostními chybami
- XSS PHP CSP ETC OMG WTF BBQ, o Cross-Site Scriptingu a Content Security Policy
- Hlava není na hesla, použijte na ně raději password manager
- HTTPS, co, proč, jak, zač, nač, kdy, kde, s kým a proti komu
- Webová bezpečnost, popis několika základních útoků i méně známých triků
- Jak jsme zlepšili zabezpečení Slevomatu a jak byste měli udělat to samé
- Zahashovat heslo, uložit, …, profit!, o správném hashování hesel
Upcoming talks
Mizerowwwé
August 29, 2019, Čtvrtkon #83 (90 minutes)
Minority reports
September 21, 2019, WebExpo 2019 (40 minutes)
I'll happily do a talk at your event or conference, let me know!
Talks
Processing 600M requests per day with a bit of PHP, JS & USD
June 6, 2019, Cloud Native Prague Meetup #4 (45 minutes)
Vyhledávejte na netu jako MacGyver
May 30, 2019, Faster CZ Data & Security Workshop 2019 (60 minutes)
What if I told you browsers can tell servers they don't like the response
May 21, 2019, OWASP Czech Chapter Meeting (45 minutes)
Proč je potřeba HTTPS a šifrování
May 17, 2019, Fresenius Kabi 2019 (60 minutes)
XSS PHP CSP ETC OMG WTF BBQ
May 13, 2019, PHP Vysočina (60 minutes)
Me answering questions
Engage in Continual Learning to Advance your IT Career
May 3, 2019, IT Career Energizer
Michal Špaček z Report URI o smyslu práce, potenciálu i prokrastinaci
January 15, 2019, StartupJobs
Blokování webů a stránek
June 4, 2016, Český rozhlas Online Plus
Na 11. srazu Na volné noze
June 4, 2016, 11. sraz Na volné noze
Webový vývojář musí mít hackerské myšlení
May 30, 2016, Kyberbezpečnost.cz