Almost every day we hear a new story about hacker activity, cracked passwords or the next massive attack on our data. The majority of those attacks are based on human factors. But almost no tutorial teaches programming newbies how to secure their apps. So the question is: where to learn about cybersecurity? Below you can find a shortlist of my favorite apps.
Gruyere is the name of a Swiss cheese, sweet but salty. The application, prepared by Bruce Leban, Mugdha Bendre, and Parisa Tabriz from Google, has almost as many holes (security vulnerabilities) as the cheese! Working with the web or local version of the app, you play the role of a malicious hacker who wants to exploit bugs and break the app. Step by step you learn new hacking techniques and use them to spoil the Gruyere app. After each attack, you get information on how to avoid a situation like that in real life. As a big fan of learning based on examples, I strongly recommend that tool. The app is completely free and available at: https://google-gruyere.appspot.com/.
The weakest part of a computer system is the human. That's why phishing (impersonating another person or organization to obtain sensitive data) accounts for 90% of data breaches (based on a report). Unfortunately, telling a genuine message from an attempt at data theft is not so easy. To make it easier, Google prepared a special quiz (available online at: https://phishingquiz.withgoogle.com/). In each of the 8 examples, you have to decide if a message is authentic or dangerous. After that, you not only learn whether your answer was correct but also get tips on what to look for in real life (e.g. a wrong domain in an email address, an incorrect link, etc.). The quiz is a really fast and easy way to learn to pay attention to the most critical elements and avoid phishing.
In contrast to the previous tools, John the Ripper is aimed at more advanced users. Even a short session with that free and open-source password cracker makes you realize why you need a better password. Built-in modes allow cracking passwords with brute-force and dictionary attacks. You can also define your own rules (e.g. when you know that the system requires two uppercase letters, one special character, etc.). As an admin, you can also use it to detect weak passwords in your database. You can find more info about the program on the official webpage: https://www.openwall.com/john/ or in one of the many tutorials on the Internet.
Learning about cybersecurity is not an easy process. Of course, you can find many more applications and resources on the market, but in my subjective opinion the tools I mentioned in this article are a good starting point, especially for beginners. Good luck with learning!