
Hack Yourself First: How to go on the Cyber-Offense

"Hack Yourself First" is all about developers building up cyber-offense skills and proactively seeking out security vulnerabilities in their own websites before an attacker does.
Course info
Rating: (880)
Level: Intermediate
Updated: Aug 30, 2013
Duration: 9h 25m
Table of contents
Introduction
Transport Layer Protection
Cross Site Scripting (XSS)
Cookies
Internal Implementation Disclosure
Parameter Tampering
SQL Injection
Cross Site Attacks
Account Management
Description

The prevalence of online attacks against websites has accelerated quickly in recent years and the same risks continue to be readily exploited. However, these are very often easily identified directly within the browser; it's just a matter of understanding the vulnerable patterns to look for. This course comes at security from the view of the attacker in that their entry point is typically the browser. They have a website they want to probe for security risks – this is how they go about it. This approach is more reflective of the real online threat than reviewing source code is and it empowers developers to begin immediately assessing their applications even when they're running in a live environment without access to the source. After all, that's what online attackers are doing.

Course FAQ
What will I learn in this course?

In this course we will identify cyber security risks and vulnerabilities by attacking and hacking into your own website. You will learn about:

  • Transport Layer Protection
  • Cross Site Scripting (XSS)
  • Secure cookies
  • Internal Implementation Disclosure
  • Parameter tampering
  • SQL Injection & testing for injection risks
  • Cross Site Attacks & anti-forgery tokens
  • Much more
Who is this course for?

This course is for anyone who wants to learn how to hack and improve the security of their code. However, the course is mostly geared towards web developers, not security pros or penetration testers.

What tools will we be using in this course?

We will be heavily using Chrome's developer tools. We will also use Fiddler and some SQL.

Are there prerequisites for this course?

Because this course is geared mostly towards web developers, you should be familiar with web development practices and the tools and environments commonly used in web development.

About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

More from the author

  • Ethical Hacking: Denial of Service (Beginner, 2h 49m, Sep 17, 2019)
  • Ethical Hacking: SQL Injection (Beginner, 5h 25m, Sep 16, 2019)
  • Ethical Hacking: Session Hijacking (Beginner, 3h 27m, Sep 16, 2019)