this post was submitted on 01 Feb 2024
17 points (94.7% liked)

No Stupid Questions (Developer Edition)

947 readers
1 users here now

This is a place where you can ask any programming / topic related to the instance questions you want!

For a more general version of this concept check out [email protected]

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
LinearArray
17
How do you secure your home network/pc? (self.no_stupid_questions)
submitted 1 year ago by TempestTiger to c/no_stupid_questions
3 comments fedilink hide all child comments
 

So I'm a baby dev, still in Uni and they don't allow internships in 4th year due to some issues with it so not even that exp wise.

I don't know enough, and I'm trying to learn but there's so much! My Uni degree doesn't cover security at all. Which is shit, bc I think I want to work in that? Mostly I'm just spooked and want to understand everything I can 'cause I love the internet and want to feel safer wandering about it.

I'm scared of clicking on links. Even ones here, like there was a post about a book list earlier and I was just there like "Cmoon.... someone please have posted the lissssst."

Would anyone be willing to share what they do for their own security? Especially if it's ridiculously over the top. Included reasonings and details would be adored!

Also, if anyone has any books or references that might be good for learning sec from a programmatic view rather than a IT view I'd really love that! Anything at all.

Regardless, hope anyone reading this has an absolutely wonderful day and best of luck with everything you're up to!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 1 year ago

Regarding books, I don't know if too many. There's a lot to cover.

  • do not write your own crypto. The closer you can get to letting someone else do everything the better off you'll be. Oauth or saml based login providers are great, because they handle basically everything.
  • assume everything from the user or "outside" is evil.
  • put a length limit on things, even if it's big.
  • don't put security in the UI. Once the user is running it, it can lie to you as well.
  • don't keep data you don't need.
  • validate your inputs. Check to make sure that date is actually a date before writing it to the DB.
  • always use prepared DB statements. Make sure whatever you're doing escapes SQL. Really truly never build SQL statements by putting data from the user into a string.
  • don't use default credentials, and don't build default credentials into your apps.

https://juice-shop.herokuapp.com/ That's a test app from owasp, a respected name in Internet security. A great way to learn to not make mistakes is to take advantage of them. This helps you do that.
https://owasp.org/www-project-top-ten/ They maintain a list of the most popular mistakes. Read them, and don't do them.

Ctfs are "capture the flag" competitions. They're a good way to get a feel for what different vulnerabilities there are, and how they work.

https://picoctf.org/index.html#picogym

That's a good one to play with at first, since it's got good puzzles. You'll learn some SQL injection at least.

A lot of low level security is automated in checks that run against code, or should be. Big security issues tend to be architectural.