
Attention, novice developers who want to build services that are not only attractive and interesting but also secure: on September 10, a new course from the Mail.Ru Technopark program, “Web Security Analysis”, will open on Stepic. Technopark teacher Yaroslav Rabovolyuk explains how attackers approach hacking services and how to keep them from succeeding. Students will also try their hand at hacking a server under the teacher's guidance.
To catch a criminal, you need to think like a criminal. In general, it will not be boring!
General course program:
1. Collection of information
1.1 Introduction
1.2 DNS / Whois
1.3 Search engines
1.4 Content
1.5 Active Analysis: Port Scan
2. Entry points
2.1 U2: introduction
2.2 HTTP parameters
2.3 Tools
2.4 Data Presentation
3. Web vulnerabilities
3.1 Analysis cycle
3.2 Data disclosure
3.3 Local File Inclusion
3.4 Command injection
3.5 SQL injection
To succeed in the course, students must have some basic knowledge:
- what a hypertext markup language is;
- how client-server interaction is implemented;
- what TCP/IP is.
In principle, no special software is required to complete the course. But you may want to go beyond the limits of the course program and experiment. For this, we recommend using a lab configured in a virtual environment. We will provide detailed instructions on the deployment of the laboratory environment in the appropriate lesson, but in the meantime, you can install and familiarize yourself with these tools:

The Kali Linux distribution. This build is designed for information security auditing tasks. It contains almost everything you may need during training: tools, dictionaries, pre-configured services. The link provides ISO images for creating bootable USB flash drives / media, but they can also be used to create a virtual machine. In addition, you can use ready-made VM images.
VirtualBox can be recommended as the virtual machine software.
The Metasploitable distribution. It is available as a virtual machine image, which hints that this system should not be exposed to public access.
So, if you want to gain knowledge of web security in order to create much more secure products in the future, sign up! The link will be available on September 10th.