Your first Avatao Tuesday

Written by Gábor Pék

Avatao Tuesday

How to get started in computer security? I think this is the first question that people raise when they are about to learn computer security. Here is a good answer from Parisa Tabriz, computer security expert at Google.

Back in time, this was my first question as well, because I was amazed by the huge range of interesting topics I wanted to dig into deeper. The rabbit hole, however, is really deep and if you cannot focus enough you’ll get lost easily. That’s why I believe that guidance and diligence are the keys to master a certain aspect of computer security. Guidance comes from friends, blogs, online courses, classrooms, IRC and so on, but diligence must come from you. You have to push yourself beyond your limits with continuous deliberate practice. You have to start right now, because this is the right moment.

Yes, your hands will be dirty, but this is the cost of the knowledge you envisioned.

Start education with Avatao!

We, the team at Avatao, raised the bar high, too. We are inviting you for a journey by releasing a new security challenge with a small guidance on Tuesdays.

These Avatao Tuesday challenges will give you insight into different topics to show you how exciting computer security can be. The only thing you need is determination even if you are entirely new to this area. We will give you hints and recommended readings if you are entirely lost.

First Avatao Tuesday

All right, it’s high-time to get started.

Our very first challenge is about the notorious Cross-Site Scripting (XSS) attack. XSS allows attackers to inject malicious client-side scripts into benign websites. The next time when a victim user visits the affected site this malicious script is executed in his/her browser. As the browser cannot make difference between legitimate and malicious scripts, these scripts can access session tokens, cookies or other sensitive information. This way, an attacker can hijack identities or even rewrite HTML pages. The problem mainly stems from the lack of proper input validation.

For more information, read the corresponding tutorial on OWASP

All right, let’s get started and solve your first Avatao Tuesday challenge

Have fun! ????

Related Articles

The Tutorial Framework: Containerizing IT Security Knowledge

The Tutorial Framework: Containerizing IT Security Knowledge

How can we make security education a whole lot more accessible and fun? The tutorial framework is the answer. In this article we dive into how to create interactive learning environments running inside containers. The Phantom Menace Something is not quite right with...

How cybersecurity contributes value to business

How cybersecurity contributes value to business

Cybersecurity: a tough reality Cybersecurity is an inherently negative asset. As with any protective measure, the major challenge is to measure the value (or Return on Investment, ROI) of cybersecurity. It is significantly more difficult to make this value apparent to...