How to get started in computer security? I think this is the first question that people raise when they are about to learn computer security. Here is a good answer from Parisa Tabriz, computer security expert at Google.
Back in time, this was my first question as well, because I was amazed by the huge range of interesting topics I wanted to dig into deeper. The rabbit hole, however, is really deep and if you cannot focus enough you’ll get lost easily. That’s why I believe that guidance and diligence are the keys to master a certain aspect of computer security. Guidance comes from friends, blogs, online courses, classrooms, IRC and so on, but diligence must come from you. You have to push yourself beyond your limits with continuous deliberate practice. You have to start right now, because this is the right moment.
Yes, your hands will be dirty, but this is the cost of the knowledge you envisioned.
We, the team at Avatao, raised the bar high, too. We are inviting you for a journey by releasing a new security challenge with a small guidance on Tuesdays.
These Avatao Tuesday challenges will give you insight into different topics to show you how exciting computer security can be. The only thing you need is determination even if you are entirely new to this area. We will give you hints and recommended readings if you are entirely lost.
All right, it’s high-time to get started.
Our very first challenge is about the notorious Cross-Site Scripting (XSS) attack. XSS allows attackers to inject malicious client-side scripts into benign websites. The next time when a victim user visits the affected site this malicious script is executed in his/her browser. As the browser cannot make difference between legitimate and malicious scripts, these scripts can access session tokens, cookies or other sensitive information. This way, an attacker can hijack identities or even rewrite HTML pages. The problem mainly stems from the lack of proper input validation.
For more information, read the corresponding tutorial on OWASP
Have fun! 🙂