Skip to content


Repository files navigation


  • Securing The Stack (StS) provides developers with concise information security tutorials
  • Go to Securing The Stack and watch a tutorial :)

Table Of Contents

Securing The Stack (StS) Core Values


  • StS provides developers with information security tutorials
  • Tutorials are aimed at developers who have beginning/intermediate security knowledge


  • Most tutorials provide a local environment for developers to practice what they’ve learned
  • Every example is based on real world threats


  • Most tutorials are less than 15 minutes
  • If desired, a developer can go more in-depth via a tutorial’s Additional Resources section
    • E.g., TUTORIAL_NAME/


  • Multiple releases per month
    • Starting Jan 2018


  • While coding examples are written in Javascript, most tutorials will link to additional resources for developers who want to explore the topic from other languages
    • This with can be found at TUTORIAL_NAME/
    • Where possible, additional resources will be available for: Python, Java, Ruby, PHP, Javascript


  • Each tutorial contains a Knowledge Dependency Tree that allows a developer to quickly identify gaps in knowledge
    • This is essentially a granular prerequisite list (but even better) :)
    • This with can be found at TUTORIAL_NAME/

Environment Setup/Navigation

  1. Download docker
    1. NOTE: If you’re on Windows, please setup your environment to support linux-based containers
  2. git clone
  3. cd tutorials
  4. cd into a tutorial’s directory
    • Each coding example should contain the directory within the comments
    • Ex: // File: ep9-injection-fundamentals-part-1/src/1/app.js
      • So we would cd ep9-injection-fundamentals-part-1
  5. Bootstrap the example
    • Run the shell command that you see in the slides
    • Ex: EX_NUM=1 docker-compose up
    • Whenever you change the File (from step 4), the container will automatically refresh


  • To easily see if an error has been previously reported
    1. Find the tutorial’s directory within this repo
    2. Review the’s Error Log section

Error is NOT related to a tutorial’s code/configs

  1. Find the tutorial’s directory within this repo
  2. Review and find the slide with the error
  3. Add a FIXED-ERROR bullet under the problematic text
    • As a sub-bullet of FIXED-ERROR, explain the correction

Error IS related to a tutorial’s code/configs

  1. Find the tutorial’s directory within this repo
  2. Find the erroneous file
  3. Submit a PR with the fix
    1. Make a comment above your fix with a brief description of the change
    2. Prepend FIXED-ERROR to this comment
  4. Do a global search to find other areas that might have this error

Additional Help

  • Feel free to open an issue


Limit of Liability/Disclaimer of Warranty: The information in this site is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, the author shall NOT have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.