YoVDO

Think Like a Hacker

Offered By: GOTO Conferences via YouTube

Tags

GOTO Conferences Courses, Cybersecurity Courses, Ethical Hacking Courses, Risk Management Courses, Encryption Courses, Application Security Courses, Secure Software Development Courses, Data Security Courses, Multi-Factor Authentication Courses

Course Description

Overview

Explore the mindset of a hacker in this insightful conference talk from GOTO Berlin 2019. Delve into the world of cybersecurity as Matt Brunt, a Dungeon Master, Code Tinkerer, and Cybersecurity Pro, shares valuable insights on protecting your systems by understanding attack strategies. Learn about different types of hackers, their motivations, and what makes organizations attractive targets. Discover practical steps to reduce security risks, including embedding security considerations throughout project workflows, limiting access, proper data storage practices, and implementing HTTPS. Gain knowledge on avoiding common pitfalls like trusting user input, reusing passwords, and neglecting package updates. Understand the importance of curiosity in identifying vulnerabilities and the principle of least privilege. Cover essential topics such as encryption, password hashing, and the OWASP Top Ten. Leave with a comprehensive understanding of how to think like a hacker to better secure your systems and data.

Syllabus

Intro
Black hat: hacker doing evil; White hat: hacker doing good; Grey hat: hacker hacking
Why do they do it?
Financial gain, Reputation, Corporate reasons
What makes you a target?
Popularity, Politics & perspective, People, Pot-luck
What can you do to start reducing risk?
No magic solution
Embed security considerations into the whole project workflow
It is every developer's responsibility
The people problem
Limit who has access to what
Where is your data stored?
Who are the third parties you trust with
You can't lose what you don't have
HTTPS all the things
Check your repos for secrets
Check your public sites for secrets
Curiosity "what if..."
Don't trust user input
I'd like to be removed from the mailing list please
Use prepared statements
Don't trust data
Broken access control
Don't trust users' input
Broken authentication
Don't re-use passwords
Don't allow your users to re-use passwords
pwned passwords API
Use Multi Factor Authentication
What packages do you trust in your application?
Keep them up-to-date
You have more surface area than you might think
Mistakes will happen
Evaluate who you trust with data; Security at all stages of the project; Principle of least privilege; Encrypt data in transit and at rest; Check for public secrets; Don't trust users & input; Hash passwords properly; Ensure your components aren't vulnerable; OWASP Top Ten
Always be curious


Taught by

GOTO Conferences
