Stream: implementers
Topic: DevDays Session: Hacking FHIR
Andrew Marcus (Nov 15 2018 at 10:30):
Asymmetrik is running a hands-on hacking session today (Nov 15) at 2:40pm in the Atrium. We've got a VM for you to download containing a not-quite-secure FHIR server along with a bunch of hacking tools (Kali, Wireshark, etc). Come help us break FHIR. :)
You can also download the exercise here and do it on your own time: https://www.fhirdevdays.com/amsterdam/wp-content/uploads/sites/2/2018/11/Exercise-Asymmetrik-Security-Exercise.pdf
If you miss it, come visit us at the table in the Atrium, or post questions here.
Grahame Grieve (Nov 15 2018 at 13:13):
remember there's a bounty for managing to get any security issues in the narrative past the FHIR validator (with the known exception of external image references)
Andrew Marcus (Nov 16 2018 at 07:54):
Have specific security questions about FHIR servers? Ask me here, and perhaps I can work them into my re-presentation at 14h today.
Grahame Grieve (Nov 16 2018 at 08:15):
yes, can you do me a favor and add 1 minute of security labels to your presentation?
Grahame Grieve (Nov 16 2018 at 08:15):
also, there's a section in your talk where it would be good to mention this: http://build.fhir.org/security.html#AccessDenied
Grahame Grieve (Nov 16 2018 at 08:16):
http://build.fhir.org/security.html#narrative mentions a couple of issues we didn't talk about
Last updated: Apr 12 2022 at 19:14 UTC
