Michal Špaček

I build web applications and I'm into web application security. I like to speak about secure development. My mission is to teach web developers how to build secure and fast web applications and why. (more about me, contact)

My trainings

And this is what they say about them: Originally, I've arranged Michal's training primarily for my colleagues because "of course I already know these things"... Michal has changed my mind in the first hour of the first day and continued to do so for the whole two days. Thanks to this training I finally understood some of the attack/defense concepts in full depth, and especially in the right context. — Jan Pospíšil, Senior PHP developer, Czech Radio

Public trainings

Come to my public trainings, everybody's welcome:

PHP application security June 2019 Praha2 days
HTTPS for developers and admins June 2019 Praha

Trainings in Prague are held regularly in the middle of March, June, September, and December, in other cities irregularly.

In-house trainings

Any public training can also be turned into an in-house training. As an extra, I offer these in-house-only courses:

Security for users

Looking for Introduction to PHP, Classes and objects in PHP? I've handed them over to Martin Hujer. I've discontinued Web application performance, Martin Michálek runs a similar training.

My articles

Slovak websites in the “Collection #1” password database and friends

January 23, 2019

passwords, cracking, hash, data leak

Yesterday I checked Czech websites in “Collection #1” and others (like “Collection #2” to “Collection #5”, “BigDB”), today I've checked Slovak sites. We're neighboring countries and historically have a lot in common, many Czech users have accounts on Slovak sites as well, so it seemed like a good idea.

January 22, 2019

passwords, cracking, hash, data leak

Last week was all about the 773 million records data breach, nicknamed “Collection #1”. It's a few years old compilation of previous data leaks but it's still interesting to check which Czech websites (and Slovak, too) are present in this and other databases (like “Collection #2” to “Collection #5”, “BigDB”).

November 7, 2018

Facebook, JavaScript, History API

Roughly two weeks ago, Facebook started adding a tracking parameter, fbclid (Facebook click id?), to all external links users share. And I didn't like it so I'm hiding it.

(read more…)

All articles

My talks

Favorites

HTTP hlavičky, Subresource Integrity a spol. chrání vaše návštěvníky před bezpečnostními chybami
XSS PHP CSP ETC OMG WTF BBQ, o Cross-Site Scriptingu a Content Security Policy
Hlava není na hesla, použijte na ně raději password manager
HTTPS, co, proč, jak, zač, nač, kdy, kde, s kým a proti komu
Webová bezpečnost, popis několika základních útoků i méně známých triků
Jak jsme zlepšili zabezpečení Slevomatu a jak byste měli udělat to samé
Zahashovat heslo, uložit, …, profit!, o správném hashování hesel

Upcoming talks

…at your event or conference, let me know!

Talks

If MacGyver was a search engine
March 19, 2019, Pipedrive Talks: Security by design (50 minutes)

Zámečky nikoho nezajímají
February 19, 2019, Cyber Security 2019 (40 minutes)

XSS PHP CSP ETC OMG WTF BBQ
January 14, 2019, PHP UserGroup Dresden Meetup I/2019 – CTF & Security (45 minutes)

Posilujeme defenzivu s Michalem Špačkem aneb Branky, body, bezpečnost
November 29, 2018, Livesport Talk VII (30 minutes)

Úniky dat, co to vůbec je a jak na ně reagovat
November 15, 2018, WebTop100 2018 (25 minutes)

All talks

Me answering questions

Michal Špaček z Report URI o smyslu práce, potenciálu i prokrastinaci
January 15, 2019, StartupJobs

Blokování webů a stránek
June 4, 2016, Český rozhlas Online Plus

Na 11. srazu Na volné noze
June 4, 2016, 11. sraz Na volné noze

Webový vývojář musí mít hackerské myšlení
May 30, 2016, Kyberbezpečnost.cz

Hlavní je používat hlavu, ale ne na hesla
May 3, 2016, Host Radiožurnálu

All interviews