Have you heard? Apparently we’ve created a dreadfully insecure internet with vulnerabilities reaching so far and so wide that literally anything is obtainable online through covert methods. Often this involves the now very well-known yet frequently present classic exploits – SQL injection, cross site scripting and others – but now we’re also seeing new attacks against security defences such as two factor authentication. In this session I’ll take you through how the risks we, as developers, are building into web sites and APIs can be easily exploited to gain access to everything from credit cards to credentials to control of commercial facilities. For many people, they’ll be stunned at the simplicity of the risks that continue to be exploited whilst for others, risks they never knew existed will be exposed, decomposed and most importantly, the mitigation will be shown. This session recreates real world examples of attacks against airlines, ticketing systems, hotels and transportation services – enough that someone literally could hack themselves all the way around the world to Norway. It’s not a theoretical exercise; these are real world attacks by real world hackers laid bare.