workshops are kind of like talks, with the little but fundamental difference, that there is some kind of interaction between the speaker and the audience. This allowes the "audience" which are mostly called participants to actually try stuff hands on.
I kind of like workshops, as just watching a talk can be rather boring, but a workshop can also become quite weird if there isn't any real plan.
One thing that set's workshops apart from talks is the size: talks can be done at an arbitrary scale, while workshops are limited in the amount of participants: to many and the interaction between the speaker and the participants and between the participants themselves isn't ideal.
I'd say workshops can be done to a scale of about 10 people, but this varies a lot depending of the size, the knowledge the participants already have, the kind of workshop and other factors.
Workshops at events such as Easterhegg, GPN and CCCamp have also shown: you *can* have a workshop with 70 people, but it differs greatly from others, these workshops tend to be more of a "fiddle around and find out how it works yourself", with of course some kind of mentor that can help, but only as well as you can actually help 70 people. What happens is that small groups form and help each other (which is great!), thus the workshop should be somehow prepared such as for this to be possible.
Heap exploitation is one of the topic you can spend an ethernity on, so we're starting slowly with a series of 15-20 workshops going from the very basics to diving deep into the depts of varios heap related topics.
Web application security is a wide field with interesting topics. Let's go through them so everyone can have a change at understanding the issues and how to fix them.
Cryptography can be fun, if you understand it. In this series of workshops, we'll teach the basics of the thing's that might be of interest in cryptography and break some stuff on the way.
