TL;DR
- Securing The Stack (StS) provides developers with concise information security tutorials
- Go to Securing The Stack and watch a tutorial :)
Table Of Contents
Securing The Stack (StS) Core Values
Developer-Focused
- StS provides developers with information security tutorials
- Tutorials are aimed at developers who have beginning/intermediate security knowledge
Learning-By-Doing
- Most tutorials provide a local environment for developers to practice what they’ve learned
- Every example is based on real world threats
Concise
- Most tutorials are less than 15 minutes
- If desired, a developer can go more in-depth via a tutorial’s
Additional Resources
section- E.g.,
TUTORIAL_NAME/readme.md#additional-resources
- E.g.,
Frequent
- Multiple releases per month
- Starting Jan 2018
Multi-Disciplinary
- While coding examples are written in Javascript, most tutorials will link to
additional resources for developers who want to explore the topic from
other languages
- This with can be found at
TUTORIAL_NAME/readme.md#additional-resources
- Where possible, additional resources will be available for: Python, Java, Ruby, PHP, Javascript
- This with can be found at
Intuitive
- Each tutorial contains a
Knowledge Dependency Tree
that allows a developer to quickly identify gaps in knowledge- This is essentially a granular prerequisite list (but even better) :)
- This with can be found at
TUTORIAL_NAME/readme.md#knowledge-dependency-tree
Environment Setup/Navigation
- Download docker
- NOTE: If you’re on Windows, please setup your environment to support linux-based containers
git clone [email protected]:SecuringTheStack/tutorials.git
cd tutorials
cd
into a tutorial’s directory- Each coding example should contain the directory within the comments
- Ex:
// File: ep9-injection-fundamentals-part-1/src/1/app.js
- So we would
cd ep9-injection-fundamentals-part-1
- So we would
- Bootstrap the example
- Run the shell command that you see in the slides
- Ex:
EX_NUM=1 docker-compose up
- Whenever you change the
File
(from step 4), the container will automatically refresh
Errors
- To easily see if an error has been previously reported
- Find the tutorial’s directory within this repo
- Review the
readme.md
’sError Log
section
Error is NOT related to a tutorial’s code/configs
- Find the tutorial’s directory within this repo
- Review
readme.md
and find the slide with the error - Add a
FIXED-ERROR
bullet under the problematic text- As a sub-bullet of
FIXED-ERROR
, explain the correction
- As a sub-bullet of
Error IS related to a tutorial’s code/configs
- Find the tutorial’s directory within this repo
- Find the erroneous file
- Submit a PR with the fix
- Make a comment above your fix with a brief description of the change
- Prepend
FIXED-ERROR
to this comment
- Do a global search to find other areas that might have this error
Additional Help
- Feel free to open an issue
TOS
Limit of Liability/Disclaimer of Warranty: The information in this site is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, the author shall NOT have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.