Skip to content
Additional Resources For Securing The Stack Tutorials
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github
ep1-ethical-google-hacking
ep10-injection-fundamentals-part-2
ep11-injection-fundamentals-part-3
ep12-clickjacking
ep13-clipboard-attacks
ep14-nosqli-beginner-to-bson-injection
ep15-nosqli-query-object-injection
ep16-nosqli-blind-injection
ep17-nosql-injection-waf-evasion-fundamentals
ep18-input-validation-with-joi-part1
ep19-input-validation-with-joi-part-2
ep2-sanitizing-application-logs
ep3-same-origin-policy
ep4-reflected-xss
ep5-persistent-xss
ep6-dom-xss
ep7-exploiting-dev-envs-part-1
ep8-exploiting-dev-envs-part-2
ep9-injection-fundamentals-part-1
.eslintrc
.gitignore
.jsbeautifyrc
README.org

README.org

TL;DR

  • Securing The Stack (StS) provides developers with concise information security tutorials
  • Go to Securing The Stack and watch a tutorial :)

Table Of Contents

Securing The Stack (StS) Core Values

Developer-Focused

  • StS provides developers with information security tutorials
  • Tutorials are aimed at developers who have beginning/intermediate security knowledge

Learning-By-Doing

  • Most tutorials provide a local environment for developers to practice what they’ve learned
  • Every example is based on real world threats

Concise

  • Most tutorials are less than 15 minutes
  • If desired, a developer can go more in-depth via a tutorial’s Additional Resources section
    • E.g., TUTORIAL_NAME/readme.md#additional-resources

Frequent

  • Multiple releases per month
    • Starting Jan 2018

Multi-Disciplinary

  • While coding examples are written in Javascript, most tutorials will link to additional resources for developers who want to explore the topic from other languages
    • This with can be found at TUTORIAL_NAME/readme.md#additional-resources
    • Where possible, additional resources will be available for: Python, Java, Ruby, PHP, Javascript

Intuitive

  • Each tutorial contains a Knowledge Dependency Tree that allows a developer to quickly identify gaps in knowledge
    • This is essentially a granular prerequisite list (but even better) :)
    • This with can be found at TUTORIAL_NAME/readme.md#knowledge-dependency-tree

Environment Setup/Navigation

  1. Download docker
    1. NOTE: If you’re on Windows, please setup your environment to support linux-based containers
  2. git clone git@github.com:SecuringTheStack/tutorials.git
  3. cd tutorials
  4. cd into a tutorial’s directory
    • Each coding example should contain the directory within the comments
    • Ex: // File: ep9-injection-fundamentals-part-1/src/1/app.js
      • So we would cd ep9-injection-fundamentals-part-1
  5. Bootstrap the example
    • Run the shell command that you see in the slides
    • Ex: EX_NUM=1 docker-compose up
    • Whenever you change the File (from step 4), the container will automatically refresh

Errors

  • To easily see if an error has been previously reported
    1. Find the tutorial’s directory within this repo
    2. Review the readme.md’s Error Log section

Error is NOT related to a tutorial’s code/configs

  1. Find the tutorial’s directory within this repo
  2. Review readme.md and find the slide with the error
  3. Add a FIXED-ERROR bullet under the problematic text
    • As a sub-bullet of FIXED-ERROR, explain the correction

Error IS related to a tutorial’s code/configs

  1. Find the tutorial’s directory within this repo
  2. Find the erroneous file
  3. Submit a PR with the fix
    1. Make a comment above your fix with a brief description of the change
    2. Prepend FIXED-ERROR to this comment
  4. Do a global search to find other areas that might have this error

Additional Help

  • Feel free to open an issue

TOS

Limit of Liability/Disclaimer of Warranty: The information in this site is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, the author shall NOT have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.