I like to program, and I like info sec. So of course I’m interested in writing secure code. I like breaking things, but I prefer to do it on purpose. There are a lot of places you can learn to code (see some of the sites I like here). A lot of the time you can solve challenges in multiple ways, some of which are very lacking in the security department. While that’s not a big deal when you are doing small coding challenges, you do want to learn how to do things securely as much as possible. But where to start?
I’ve found Hacksplaining to be a really nice place to learn about vulnerabilities, how they work, and how to protect your code against some of the most common ones.
My favorite part of the website is the exercises. You can step through different kinds of attacks to see exactly what’s going on: how an attacker would use the vulnerability, and what in the code allows it to be exploited. Once you’ve stepped through the exercises a few times, you should have a pretty solid understanding of how each attack works. Then you can check out the prevention section for the vulnerability to see how to defend against it. If you want, you can also take a short quiz to check your understanding.
You do have to have an account to access all of the lessons, but the accounts are free. There’s also a nice glossary to help if you blank on a word or phrase.
So check it out, and let me know if you have any great secure coding resources I should check out.
Hacksplaining in brief…
- Learn how to write more secure code
- Exercises to see how it works
- Prevention to learn how to avoid it
- Quiz to check your understanding
- Glossary to check terms