Written by Gábor Pék
How to get started in computer security? I think this is the first question that people raise when they are about to learn computer security. Here is a good answer from Parisa Tabriz, computer security expert at Google.
Back in time, this was my first question as well, because I was amazed by the huge range of interesting topics I wanted to dig into deeper. The rabbit hole, however, is really deep and if you cannot focus enough you’ll get lost easily. That’s why I believe that guidance and diligence are the keys to master a certain aspect of computer security. Guidance comes from friends, blogs, online courses, classrooms, IRC and so on, but diligence must come from you. You have to push yourself beyond your limits with continuous deliberate practice. You have to start right now, because this is the right moment.
Yes, your hands will be dirty, but this is the cost of the knowledge you envisioned.
Start education with Avatao!
We, the team at Avatao, raised the bar high, too. We are inviting you for a journey by releasing a new security challenge with a small guidance on Tuesdays.
These Avatao Tuesday challenges will give you insight into different topics to show you how exciting computer security can be. The only thing you need is determination even if you are entirely new to this area. We will give you hints and recommended readings if you are entirely lost.
First Avatao Tuesday
All right, it’s high-time to get started.
Our very first challenge is about the notorious Cross-Site Scripting (XSS) attack. XSS allows attackers to inject malicious client-side scripts into benign websites. The next time when a victim user visits the affected site this malicious script is executed in his/her browser. As the browser cannot make difference between legitimate and malicious scripts, these scripts can access session tokens, cookies or other sensitive information. This way, an attacker can hijack identities or even rewrite HTML pages. The problem mainly stems from the lack of proper input validation.
For more information, read the corresponding tutorial on OWASP
All right, let’s get started and solve your first Avatao Tuesday challenge
Have fun! ????
How can we make security education a whole lot more accessible and fun? The tutorial framework is the answer. In this article we dive into how to create interactive learning environments running inside containers. The Phantom Menace Something is not quite right with...
Containers have been around for over a decade. Yet before Docker’s explosive success beginning in 2013 they were not wide-spread or well-known. Long gone are the days of chroot, containers are all the rage, and with them we have a whole new set of development and...
Cybersecurity: a tough reality Cybersecurity is an inherently negative asset. As with any protective measure, the major challenge is to measure the value (or Return on Investment, ROI) of cybersecurity. It is significantly more difficult to make this value apparent to...