Skip to content
Additional Resources For Securing The Stack Tutorials
JavaScript HTML CSS Shell Dockerfile Ruby
Branch: master
Clone or download

README.org

TL;DR

  • Securing The Stack (StS) provides developers with concise information security tutorials
  • Go to Securing The Stack and watch a tutorial :)

Table Of Contents

Securing The Stack (StS) Core Values

Developer-Focused

  • StS provides developers with information security tutorials
  • Tutorials are aimed at developers who have beginning/intermediate security knowledge

Learning-By-Doing

  • Most tutorials provide a local environment for developers to practice what they’ve learned
  • Every example is based on real world threats

Concise

  • Most tutorials are less than 15 minutes
  • If desired, a developer can go more in-depth via a tutorial’s Additional Resources section
    • E.g., TUTORIAL_NAME/readme.md#additional-resources

Frequent

  • Multiple releases per month
    • Starting Jan 2018

Multi-Disciplinary

  • While coding examples are written in Javascript, most tutorials will link to additional resources for developers who want to explore the topic from other languages
    • This with can be found at TUTORIAL_NAME/readme.md#additional-resources
    • Where possible, additional resources will be available for: Python, Java, Ruby, PHP, Javascript

Intuitive

  • Each tutorial contains a Knowledge Dependency Tree that allows a developer to quickly identify gaps in knowledge
    • This is essentially a granular prerequisite list (but even better) :)
    • This with can be found at TUTORIAL_NAME/readme.md#knowledge-dependency-tree

Environment Setup/Navigation

  1. Download docker
    1. NOTE: If you’re on Windows, please setup your environment to support linux-based containers
  2. git clone git@github.com:SecuringTheStack/tutorials.git
  3. cd tutorials
  4. cd into a tutorial’s directory
    • Each coding example should contain the directory within the comments
    • Ex: // File: ep9-injection-fundamentals-part-1/src/1/app.js
      • So we would cd ep9-injection-fundamentals-part-1
  5. Bootstrap the example
    • Run the shell command that you see in the slides
    • Ex: EX_NUM=1 docker-compose up
    • Whenever you change the File (from step 4), the container will automatically refresh

Errors

  • To easily see if an error has been previously reported
    1. Find the tutorial’s directory within this repo
    2. Review the readme.md’s Error Log section

Error is NOT related to a tutorial’s code/configs

  1. Find the tutorial’s directory within this repo
  2. Review readme.md and find the slide with the error
  3. Add a FIXED-ERROR bullet under the problematic text
    • As a sub-bullet of FIXED-ERROR, explain the correction

Error IS related to a tutorial’s code/configs

  1. Find the tutorial’s directory within this repo
  2. Find the erroneous file
  3. Submit a PR with the fix
    1. Make a comment above your fix with a brief description of the change
    2. Prepend FIXED-ERROR to this comment
  4. Do a global search to find other areas that might have this error

Additional Help

  • Feel free to open an issue

TOS

Limit of Liability/Disclaimer of Warranty: The information in this site is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, the author shall NOT have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

You can’t perform that action at this time.