tutorials

tutorials copied to clipboard

#+OPTIONS: tags:nil

• TL;DR

• Securing The Stack (StS) provides developers with concise information security tutorials
• Go to [[https://securingthestack.com][Securing The Stack]] and watch a tutorial :)

• Table Of Contents :TOC_2_gh:noexport:

• [[#tldr][TL;DR]]
• [[#securing-the-stack-sts-core-values][Securing The Stack (StS) Core Values]]
  • [[#developer-focused][Developer-Focused]]
  • [[#learning-by-doing][Learning-By-Doing]]
  • [[#concise][Concise]]
  • [[#frequent][Frequent]]
  • [[#multi-disciplinary][Multi-Disciplinary]]
  • [[#intuitive][Intuitive]]
• [[#environment-setupnavigation][Environment Setup/Navigation]]
• [[#errors][Errors]]
  • [[#error-is-not-related-to-a-tutorials-codeconfigs][Error is NOT related to a tutorial's code/configs]]
  • [[#error-is-related-to-a-tutorials-codeconfigs][Error IS related to a tutorial's code/configs]]
• [[#additional-help][Additional Help]]
• [[#tos][TOS]]

• Securing The Stack (StS) Core Values ** Developer-Focused
  • StS provides developers with information security tutorials
  • Tutorials are aimed at developers who have beginning/intermediate security knowledge ** Learning-By-Doing
  • Most tutorials provide a local environment for developers to practice what they've learned
  • Every example is based on real world threats ** Concise
  • Most tutorials are less than 15 minutes
  • If desired, a developer can go more in-depth via a tutorial's ~Additional Resources~ section
    • E.g., ~TUTORIAL_NAME/readme.md#additional-resources~ ** Frequent
  • Multiple releases per month
    • Starting Jan 2018 ** Multi-Disciplinary
  • While coding examples are written in Javascript, most tutorials will link to additional resources for developers who want to explore the topic from other languages
    • This with can be found at ~TUTORIAL_NAME/readme.md#additional-resources~
    • Where possible, additional resources will be available for: Python, Java, Ruby, PHP, Javascript ** Intuitive
  • Each tutorial contains a ~Knowledge Dependency Tree~ that allows a developer to quickly identify gaps in knowledge
    • This is essentially a granular prerequisite list (but even better) :)
    • This with can be found at ~TUTORIAL_NAME/readme.md#knowledge-dependency-tree~
• Environment Setup/Navigation

1. Download [[https://www.docker.com/community-edition][docker]]
   1. NOTE: If you're on Windows, please setup your environment to support linux-based containers
2. ~git clone [email protected]:SecuringTheStack/tutorials.git~
3. ~cd tutorials~
4. ~cd~ into a tutorial's directory
   • Each coding example should contain the directory within the comments
   • Ex: ~// File: ep9-injection-fundamentals-part-1/src/1/app.js~
     • So we would ~cd ep9-injection-fundamentals-part-1~
5. Bootstrap the example
   • Run the shell command that you see in the slides
   • Ex: ~EX_NUM=1 docker-compose up~
   • Whenever you change the ~File~ (from step 4), the container will automatically refresh

• Errors

• To easily see if an error has been previously reported
  1. Find the tutorial's directory within this repo
  2. Review the ~readme.md~'s ~Error Log~ section ** Error is NOT related to a tutorial's code/configs

1. Find the tutorial's directory within this repo
2. Review ~readme.md~ and find the slide with the error
3. Add a ~FIXED-ERROR~ bullet under the problematic text
   • As a sub-bullet of ~FIXED-ERROR~, explain the correction ** Error IS related to a tutorial's code/configs
4. Find the tutorial's directory within this repo
5. Find the erroneous file
6. Submit a PR with the fix
   1. Make a comment above your fix with a brief description of the change
   2. Prepend ~FIXED-ERROR~ to this comment
7. Do a global search to find other areas that might have this error

• Additional Help

• Feel free to open an issue

• TOS Limit of Liability/Disclaimer of Warranty: The information in this site is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, the author shall NOT have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.