The prevalence of online attacks against websites has accelerated quickly in recent years and the same risks continue to be readily exploited. However, these are very often easily identified directly within the browser; it's just a matter of understanding the vulnerable patterns to look for. This course comes at security from the view of the attacker in that their entry point is typically the browser. They have a website they want to probe for security risks â€“ this is how they go about it. This approach is more reflective of the real online threat than reviewing source code is and it empowers developers to begin immediately assessing their applications even when they're running in a live environment without access to the source. After all, that's what online attackers are doing.
What will I learn in this course?
In this course we will identify cyber security risks and vulnerabilities by attacking and hacking into your own website. You will learn about:
Transport Layer Protection
Cross Site Scripting (XSS)
Internal Implementation Disclosure
SQL Injection & testing for injection risks
Cross Site Attacks & anti-forgery tokens
Who is this course for?
This course is for anyone who wants to learn how to hack and improve the security of their code. However, the course is mostly geared towards web developers, not security pros or penetration testers.
What tools will we be using in this course?
We will be heavily using Chrome's developer tools. We will also use Fiddler and some SQL.
Are there prerequisites for this course?
Because this course is geared mostly towards web developers, you should be familiar with web development practices and the tools and environments commonly used in web development.
Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.
Introduction Hi, my name is Troy Hunt and I'd like to welcome you to my course on Hack Yourself First, which is all about how web developers can go on the offense before online attackers do. Let me give you a bit of an overview of some of the things we're going to cover in this course. The first thing I'd like to make really clear is that this course is for web developers. It's not aimed at security professionals such as penetration testers. This is for developers that want to understand how to increase the security position of their own code. So everything we're going to look at in this course is going to use tools and environments that are very familiar to many developers. After all once you learn how to hack yourself first, you're the guys who then need to go back and improve the security position. Now one thing that I really wanted to focus on in this course is to make it platform agnostic. And what I mean by that is that it doesn't matter what service side web framework you're developing on, this course is relevant across all of them. If your web application loads over HTTP and returns angle brackets, this course is for you. Now of course how you mitigate the specific risks that we find throughout this course will depend on your technology stack. So I'm going to talk about the sort of behaviors that you can observe that have security risks, and then I'm going to show you how the website should behave once those security risks are rectified, but the execution of how you do that may differ between technology stacks. If you are an ASP. NET developer, I do have another course on Pluralsight called the OWASP Top 10 for. NET developers. And that comes at security from the other angles, so it actually starts at the development side and looks at secure coding practices. So if you're a. NET developer, go and check out that course. And in fact, if you work with any other technology stack, there's still a lot of relevance in that course for you, but the semantics of the implementation may differ slightly in your chosen framework.