Introduction to the security series – Basic security for developers

Introduction

Security is an expensive and complex topic. Nearly every system has vulnerabilities (in both software and hardware), and hackers can use those vulnerabilities to attack the system.

Keeping a system secure is the responsibility of many parties: sysadmins, network staff, managers and developers. Since I am not a security specialist, I am not familiar with network configuration, setting up firewalls, and so on, so I will not hold forth on that area. Instead, I will walk through security with you from a developer's point of view.


The knowledge in this series is very basic and easy to learn, but it will be extremely helpful, helping you avoid the "silly, basic" security mistakes when coding. Whether you write C or C++, Java, C# or PHP, you will learn some useful things through this series.

Summary of series

The developer's responsibility is to make sure that the code they write does not contain security flaws (don't let it end up like Lotte Cinema!). In this series, we play the role of hackers attacking the system we wrote. Through that, we will learn about common security vulnerabilities introduced when coding and how to fix them.

Some of the issues covered in the series (to be updated later):

  • The danger of using HTTP. Why HTTPS should be used to transfer data.
  • How dangerous the XSS security vulnerability is.
  • Storing cookies – Seems harmless, but it is not
  • Hiding server information – Stay out of sight of prying eyes and bad guys
  • Modifying parameters – Never trust "users"
  • SQL Injection – The legendary security vulnerability
  • Cross Site Attack – The spectacular trick
  • Password management – Looks easy, but it is not simple

Most of these security bugs are already prevented by frameworks. However, many websites still suffer from them because of silly mistakes … or silly developers. So follow the series and try to apply this knowledge to your code to avoid falling into these errors.

Internet Security System

This is a series of security guides for developers, not a guide for hackers. The knowledge in the series helps you code and helps you patch; it does not help you attack other systems or deceive users. If you want to learn security in depth, look for the security guru Juno_okyo.

Prepare "toys"

No need to prepare too many complicated "toys"; you just need some basic software:

  • Google Chrome Developer Tools: bundled with Google Chrome, they support you in debugging, fixing bugs, running JavaScript and … attacking websites =))).
  • EditThisCookie add-on: used to view and edit cookies.
  • Fiddler: a web proxy that lets you inspect HTTP requests between client and server, measure performance, check security, simulate Man In The Middle attacks, and so on.

Some other tools will be introduced later.

Warning!

Before teaching martial arts, the master always tells his disciples: martial arts are studied to strengthen the body and discipline the mind, to help in life, not to go and bully the weak. Before starting the series, I would like to say the same thing: learn security to build better security systems and to help other systems, not to hack or destroy.

For ethical reasons, if you find flaws in other systems, you should inform the administrator, not sabotage them. The line between "understanding vulnerabilities" and "sabotage" is very thin. With important systems, you can be prosecuted and end up in jail, which is no joke :v.

One thing I will repeat throughout the series is: never trust users!! Do not trust what users enter, and do not assume that users do not know how to modify JavaScript or poke around. Hackers pose as users and go as far as they can to attack the system. Remember that!

This series references the Hack Yourself First course on Pluralsight and some other sources. The course has subtitles, so it is easy to follow, and you can practice your English quite well too.

ITZone via toidicodedao
