The prevalence of online attacks against websites has accelerated quickly in recent years and the same risks continue to be readily exploited. However, these are very often easily identified directly within the browser; it's just a matter of understanding the vulnerable patterns to look for. This course comes at security from the view of the attacker in that their entry point is typically the browser. They have a website they want to probe for security risks â€“ this is how they go about it. This approach is more reflective of the real online threat than reviewing source code is and it empowers developers to begin immediately assessing their applications even when they're running in a live environment without access to the source. After all, that's what online attackers are doing.
What will I learn in this course?
In this course we will identify cyber security risks and vulnerabilities by attacking and hacking into your own website. You will learn about:
Transport Layer Protection
Cross Site Scripting (XSS)
Internal Implementation Disclosure
SQL Injection & testing for injection risks
Cross Site Attacks & anti-forgery tokens
Who is this course for?
This course is for anyone who wants to learn how to hack and improve the security of their code. However, the course is mostly geared towards web developers, not security pros or penetration testers.
What tools will we be using in this course?
We will be heavily using Chrome's developer tools. We will also use Fiddler and some SQL.
Are there prerequisites for this course?
Because this course is geared mostly towards web developers, you should be familiar with web development practices and the tools and environments commonly used in web development.
Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.