Where to learn about cybersecurity?
A subjective short list of tools for IT newbies.
Almost every day we hear a new story about hackers' activity, cracking passwords, or the next massive attacks on our data. The majority of those attacks are based on human factors. But almost no tutorial is teaching programming newbies how to secure your app. So the question is — where to learn about cybersecurity? Below you can find a shortlist of my favorite apps.
Google Gruyere
Gruyere is the name of Swiss, sweet but salty cheese. Application prepared by Bruce Leban, Mugdha Bendre, and Parisa Tabriz from Google has almost as many holes (security vulnerabilities) as the cheese! Working with the web or local versions of the app you play the role of a malicious hacker who wants to exploit bugs and break the app. Step by step you learn new hacking technics and use them to spoil the Gruyere app. After each attack, you get the info on how to avoid a situation like that in your real life. As a big fan of learning based on examples, I strongly recommend that tool. The app is completely free and available under the link: https://google-gruyere.appspot.com/.
Phishing Quiz
The weakest part of the computer system is the human. It’s why phishing (impersonating another person or organization to obtain sensitive data) accounts for 90% of data breaches¹. Unfortunately, distinguishing which message is true and which one is an attempt at data theft is not so easy. To make it easier Google prepared a special quiz (available online under the link: https://phishingquiz.withgoogle.com/). In each of the 8 examples, you have to decide if a message is authentic or dangerous. After that, you not only receive info is your answer correct but also tips on what to look for in real life (e.g. wrong domain in an email address, incorrect link, etc.). The quiz is a really fast and easy way to pay attention to the most critical elements to avoid phishing.
John the Ripper
In contrast to the previous tools, John the Ripper is dedicated to more advanced users. Even a short session with that free open-source password cracker makes you realize why you need a better password. Built-in modes allow cracking passwords with brute-force and dictionary attacks. You can also define your own rules (when e.g. you know that system requires two big letters, one special character, etc). As an admin, you can also use it to detect weak passwords in your database. More info about the program you can find on the official webpage: https://www.openwall.com/john/ or in one of the many tutorials on the Internet.
Summary
Learning about cybersecurity is not an easy process. Of course, in the market, you can find many more applications and resources but in my subjective opinion, the tools I mentioned in the article are a good starting point, especially for beginners. If you found them useful, please follow me or/and clap the button below. And good luck with learning!