In the wake of all the recent hacks, I've been talking to my good friend Jon Rose about how we can all protect ourselves better. You see, he's been brought in to lock down web security at companies like PayPal and Bank of America for over 12 years, and he knows all the tricks of the trade.
Well, I asked him if he'd be interested in taking the stuff he normally does for all these companies (and charges 100s of thousands of dollars for) and bringing it to One Month exclusively for you guys (and way cheaper).
These days it seems like every major company is getting hacked, including Home Depot, Target, iCloud, and many more. The problem is... many of these attacks could’ve been prevented. And that’s exactly what Jon is going to teach you in One Month’s first course for hackers.
Introducing One Month Web Security... An ethical hacking course for web developers.
What am I going to learn in this course?
You'll learn the tricks and techniques that hackers use to break into web applications and the defensive coding techniques that should be implemented to protect your site from attacks. At the end of the course, you will be able to review your own applications for security issues and ensure the code is properly hardened against malicious attacks. You will also be able to design new applications with security in mind, significantly lowering the risk and cost associated with deploying new applications.
This course is designed to cover security principles and can be applied to any language. Language-specific code examples will be provided for Ruby on Rails applications.
Who should take this course?
- Rails developers of any skill level.
- Quality Assurance and application testers.
- Anyone who writes web applications that will run on the internet.
What is the project we’ll be working on?
We will be working on a demo HR application, One Month Simple, that provides time tracking, vacation planning, direct deposit, and other HR-related functionality. The demo application has a number of security weaknesses built-in. We will use hacking techniques to identify and exploit these security weaknesses, then update the application code to protect against these attacks. Each student will run the application on his/her own system, learning the hacking tools, techniques, and security code fixes throughout the course.
What are other students saying about this course and this instructor?
“Jon has pitch-perfect presentation skills, and a keen ability to translate technical concepts and lingo into plain English that even the most oblivious student can understand. Everyone on the planet should take this introduction to the development process. I wish I had found it ages ago - it might have taken my career in a different direction.” -- Student from Programming for Non-Programmers
"I now have a working understanding of programming that I did not have before your class. I know the names of the languages, what they are used for, and when someone would use them. I also have a clearer understanding of workflow and how a project goes from idea to completion. Don't be surprised if you see me again at a future class." -- Student from Programming for Non-Programmers
“Overall, this was a good class. The demos were great and very eye-opening. I like to think that I am a security-conscious person, but I also know that I lack the knowledge to be thorough.” -- Student from Secure Application Development
What are the requirements/prerequisites for this course?
This class is designed as an introduction to security, so it is perfect for a developer of any skill level with:
- Basic knowledge of Ruby on Rails
- Basic understanding of SQL
What does a Web Security professional do?
Web Security professionals help companies protect against attacks by reviewing applications for security weaknesses, including code reviews and penetration testing (hacking), as well as working with developers to understand common attacks and insecure coding practices. They also work with operations teams to ensure ongoing systems are protected and help monitor and analyze suspicious network traffic.
As an absolute beginner, what can I expect to accomplish in the first month of Web Security training?
- You will be able to review any code you have written for common vulnerabilities, such as SQL injection and Cross-Site Scripting.
- You will be able to use popular security testing tools to identify security bugs in applications.
- Next time you hear about a hack on the news, you will understand the underlying technical details – impress your friends and bosses!
If I only had 3 minutes, how would you sell me on WHY I should learn Web Security?
No one wants to be responsible for code that fails to work properly, especially if the code you write exposes a security hole and leads to your company or your customers being hacked. Anything running on the internet is constantly being probed and tested by hackers. Without understanding the basics of security, it’s just a matter of time before your code is broken. Understanding the fundamentals of security will give you a deeper insight into how different technology stacks work, making you a better developer and a more valuable resource to businesses. Security skills will help you push your career to the next level and distinguish you from the millions of other Rails developers in the world.
If I was willing to put in only 60 minutes of work, what could you teach me about Web Security that I could actually use?
I’d teach you the most common hacking tool, a web proxy, how to use it, and how you can debug and hack into websites. I’d provide a high-level view of the most common web application attacks, how to find them, and how to fix them. With your new hacking skills, you will find it hard to stop after just 60 minutes because the way you look at websites will have been forever changed.