Gain insights into effective security techniques including patching, cryptography, and phishing prevention. Explore practices to make systems resistant and vulnerabilities more detectable, enhancing defense against attacks.

docker.tar.gz

network-commands

node

It seems like hardly a week goes by without a high-profile computer breach. Why do these happen? How can you prevent them? This course doesn’t have all the answers, but it does outline practices that make life harder for attackers and that will help tide you over until you get a full-time security team in place.

In this course, you will learn 5 simple, yet effective, techniques for preventing attackers from getting into your system. These techniques are related to: patching, software vulnerabilities, cryptography, windows security, and phishing. Within each chapter you will learn the best practices for preventing vulnerabilities and how to make them more detectable. 

This course is based on the Pragmatic Programmers’ book, Practical Security, and is aimed at developers, admins, team leads, architects, technology generalists, and all others who stand guard against the things that disrupt the network.

Practical Security: Simple Practices for Defending Your Systems

## Suggested reading
We’ve covered just some of the basics here. If you’d like to dig in deeper, I recommend reading the following:
- “[The Basics of Web Application Security](https://martinfowler.com/articles/web-security-basics.html)” by Martin Fowler: This article is a concise, general guide on how to write secure web-
based software.
- [Pushing Left, Like a Boss](https://code.likeagirl.io/pushing-left-like-a-boss-part-1-80f1f007da95): A great series of blog posts on how to adopt strong security practices
earlier in the development cycle.
- [DataSploit](https://github.com/DataSploit/datasploit): If you want to dig into what information is publicly available about the domains that your organization controls, take a look at DataSploit. This is an open-source tool that queries a number of public repositories of information, including Shodan and Censys. It’s designed to be used manually, but it also works nicely when called automatically. Scheduling it to run automatically on a regular basis and saving the output can give you a picture of how your public footprint has changed over time.


## What’s next?
As we look back on the vulnerabilities we covered in this chapter, we see two main classes of vulnerabilities. In the first, an attacker is able to inject code of their own choosing into the system. In the second, operators accidentally leave the system in an insecure state.

Interestingly, the defense for both looks fairly similar. First, we make a one-time effort to find the vulnerabilities and fix them. We then layer on automated defenses to prevent mistakes from reintroducing the vulnerability. As teams and systems grow larger and older, we want to have more than vigilance keeping us from introducing vulnerabilities into the system; we want the system to prevent vulnerabilities from being introduced.

In our next chapter, we’ll take a look at how we can use cryptography to secure the systems we build. We’ll also see how seemingly small mistakes can let an attacker break weak cryptography. Just like how a seemingly small flaw in our SQL allowed an attacker to bypass permission checks earlier in this chapter, seemingly small flaws in cryptography can leave our systems unprotected.

---
Let's get right into it!

# Suggested reading
We’ve covered just some of the basics here. If you’d like to dig in deeper, I recommend reading the following:
- “[The Basics of Web Application Security](https://martinfowler.com/articles/web-security-basics.html)” by Martin Fowler: This article is a concise, general guide on how to write secure web-
based software.
- [Pushing Left, Like a Boss](https://code.likeagirl.io/pushing-left-like-a-boss-part-1-80f1f007da95): A great series of blog posts on how to adopt strong security practices
earlier in the development cycle.
- [DataSploit](https://github.com/DataSploit/datasploit): If you want to dig into what information is publicly available about the domains that your organization controls, take a look at DataSploit. This is an open-source tool that queries a number of public repositories of information, including Shodan and Censys. It’s designed to be used manually, but it also works nicely when called automatically. Scheduling it to run automatically on a regular basis and saving the output can give you a picture of how your public footprint has changed over time.


# What’s next?
As we look back on the vulnerabilities we covered in this chapter, we see two main classes of vulnerabilities. In the first, an attacker is able to inject code of their own choosing into the system. In the second, operators accidentally leave the system in an insecure state.

Interestingly, the defense for both looks fairly similar. First, we make a one-time effort to find the vulnerabilities and fix them. We then layer on automated defenses to prevent mistakes from reintroducing the vulnerability. As teams and systems grow larger and older, we want to have more than vigilance keeping us from introducing vulnerabilities into the system; we want the system to prevent vulnerabilities from being introduced.

In our next chapter, we’ll take a look at how we can use cryptography to secure the systems we build. We’ll also see how seemingly small mistakes can let an attacker break weak cryptography. Just like how a seemingly small flaw in our SQL allowed an attacker to bypass permission checks earlier in this chapter, seemingly small flaws in cryptography can leave our systems unprotected.

---
Let's get right into it!

Introduction

Patching

Vulnerabilities

Cryptography

Windows

Phishing

What’s Next?

Suggested reading