New course "Analysis of web project security" on Stepic

    Attention, novice developers who want to build services that are not only attractive and interesting but also secure: on September 10, Stepic will open a new course from the Mail.Ru Technopark program, “Analysis of Web Project Security”. Technopark teacher Yaroslav Rabovolyuk will explain how attackers approach hacking services and how to prevent them from doing so. Students will also try their hand at hacking a server themselves, under the strict guidance of the teacher. To catch a criminal, you need to think like a criminal. In short, it will not be boring!

    The general course program:

    1. Information gathering
    1.1 Introduction
    1.2 DNS / Whois
    1.3 Search engines
    1.4 Content
    1.5 Active analysis: port scanning

    2. Entry points
    2.1 U2: introduction
    2.2 HTTP parameters
    2.3 Tools
    2.4 Presentation of data

    3. Web vulnerabilities
    3.1 Analysis cycle
    3.2 Data disclosure
    3.3 Local file inclusion
    3.4 Command injection
    3.5 SQL injection

    To complete the course, students need some basic knowledge:

    • what hypertext markup language is;
    • how client-server interaction is implemented;
    • what TCP/IP is.

    In principle, you do not need any special software to take the course. But you might want to go beyond the course program and experiment. For this, we recommend using a lab set up in a virtual environment. Detailed instructions for deploying the lab environment will be given in the corresponding class; in the meantime, you can install these tools and get comfortable with them:

    • The Kali Linux distribution. This build was created for information security audit tasks. It contains almost everything you may need during training: tools, dictionaries, pre-configured services. ISO images for creating boot disks or USB flash media are available via the link, and they can also be used to create a virtual machine. In addition, you can use ready-made VM images. For virtualization, we can recommend VirtualBox.

    • The Metasploitable distribution. It is available as a virtual machine image, which hints that exposing this system publicly is strongly discouraged.

    So, if you want to gain knowledge of web security in order to build much more secure products in the future, sign up! The link will be available on September 10.
