100% security does not exist on the internet. Every day new challenges and dangers arise that whoever is in charge of the security of a personal or company website must take into account. This article starts from a phrase: “Hack yourself first”. That is, put yourself in the mind of a potential attacker first and check your own website to see how weak it may be.
Jeremiah Grossman is a world-renowned expert on Internet security and the founder of WhiteHat Security, where he oversees web security R&D. Grossman is a “self-confessed” hacker and Maui High graduate who speaks at top universities and conferences around the world. In the following video he talks about the concept of “Hack yourself first”.
Hack yourself first course
There is a course created by troyhunt.com entitled Hack Yourself First: How to go on the cyber-offence. It studies a website that is full of security holes and uses it to explain many valuable concepts that you need to know.
This course is designed to help web developers across all frameworks identify risks on their own websites before attackers do, and you can use the sample site to demonstrate the risks. The course is free; you can browse the site and watch the course to check both the risks and the mitigations of potential threats. The database on the sample website is rebuilt frequently, so any changes you make will not be permanent.
50 security holes at least
The prevalence of online attacks against websites has accelerated rapidly and the same risks continue to be exploited. However, these risks are often easily identified directly within the browser; it is just a matter of understanding the vulnerable patterns to look for. The sample website has more than 50 security holes, and its security is quite sloppy.
Hack Yourself First is about developers building cyber-offence skills and proactively looking for security vulnerabilities in their own websites before an attacker does.
Troy Hunt has developed a website that he says is terrible, full of security holes. The address of the website is https://hackyourselffirst.troyhunt.com/ and it is presented as a luxury car website.
Tools to use
There are several tools that will allow you to monitor a website. Among them are the inspector built into Firefox or Chrome, the Fiddler web debugger, and intruder21. All these tools are used in the course, and if you are going to follow it I recommend installing them.
In the following video you can see a presentation made by Troy Hunt talking about his vulnerable page.