This course will be retired on June 1, 2025.
Over the last three stages, we’ve covered all ten of the OWASP Top 10 most common web security vulnerabilities, including how to mitigate them in practice in JavaScript and Node.js applications. From here, the options for learning are limitless. Many online and offline tools are available for practising web security, from exploiting vulnerable apps set up in VMs to online “war games”. This video explores many of those options.
Further Reading:
Vulnerable web applications (and software applications)
- WebDojo - Has an array of different vulnerable websites built in; you can follow along with the tutorials while exploiting them.
- Gruyere - A VM and web application that shows how web application vulnerabilities can be exploited and how to defend against these attacks. You get to do real penetration testing, actually exploiting a real application.
- OWASP Broken Web Apps Project - A VM for exploring many broken web apps and learning about web security along the way.
- Protostar - Introduces, in a friendly way, network programming, byte ordering, handling sockets, stack overflows, format strings, and heap overflows.
- Nebula - Takes the participant through a variety of common (and less common) weaknesses and vulnerabilities in Linux, including permissions, $PATH weaknesses, race conditions, SUID files, and more.
Online security challenges
OverTheWire - Has several very focused wargames, including:
- Bandit - A fun intro to the command line
- Natas - Website exploitation
- Krypton - Intro to cryptography
- Semtex - Programming and networking challenges
Other sites:
- EnigmaGroup - Has a wide selection of wargames. Notable are the multi-stage “realistic scenarios”.
- HackThisSite - Another wide selection. The ‘Basic’ and ‘ExtBasic’ challenges are good introductory material.
- SmashTheStack - Binary exploitation, buffer overflows, disassembly and more fun
- MicroCorruption - Embedded security, assembly, and binary exploitation
- CryptoPals - Introduction to breaking cryptography
- Pwnable - More reverse engineering challenges
- W3Challs - Wide range of challenges and learning: hacking, cracking, wargames, forensics, cryptography, steganography and programming
- IO NetGarage - More reverse engineering challenges, harder than the others
Beyond Web Application Security
Network Security:
Cryptography:
- https://learncryptography.com/
- http://www.cs.umd.edu/~jkatz/imc.html
- https://github.com/sobolevn/awesome-cryptography
Reverse Engineering and Malware Analysis:
- https://github.com/onethawt/reverseengineering-reading-list
- https://github.com/rshipp/awesome-malware-analysis
- https://github.com/RPISEC/Malware
Digital Forensics and Incident Response: