Hacker101: Free class for web security. Let’s break some stuff


I’ve been hacking for a long time. Ever since I can remember, I’ve enjoyed the thrill of sharing knowledge and collaborating with other hackers. In this world, there’s always something new to learn and something new to teach.

That’s why 5 years ago, I created a syllabus and launched the course: Breaker 101. It started with a syllabus and a single post on Hacker News. I didn’t know if anyone was going to sign up … and then it sold out that afternoon.

I never thought that it would take off the way it did. I was able to work with hundreds of students, assisting them in their learning journey and helping them get placed in quality infosec jobs.

I was hooked and I knew I wanted to grow it into something more, bigger, better. That was a big reason why I joined HackerOne. I could not be more happy to be part of this team and be able to provide to you — for free — all my original content.

Hacker101 is a free class for web security. Whether you’re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.

As of today, there are 14 sessions in Hacker101, covering:

  • Tools of the trade

  • Cross-site scripting

  • Cross-site request forgery

  • SQL injection

  • Fundamentals of the web and how they impact security

  • Directory traversal

  • Command injection

  • Session fixation

  • Clickjacking

  • File inclusion

  • File upload vulnerabilities

  • Crypto fundamentals and how to break commonly seen crypto

  • And much, much more

But it doesn’t stop there. I’m going to be adding a lot more content, with the help of some of my HackerOne colleagues and community members. As of now, I plan to release content about once every two months, and I’d love to get your feedback on what I should cover next.

To start, here are a few ideas I have:

  • How to threat model without wasting time

  • How to write great bug reports

  • Mobile application testing

    • Bypassing certificate pinning

    • Identifying dangerous storage of data

    • Finding unintentionally exposed data

    • Bypassing geofencing

  • ROP, JOP, and other modern exploitation techniques

  • Using the GPU to break kernels

You can check out the Hacker101 page for the course syllabus and links to all the content.

The HackerOne community is strong. I’m here to make it stronger, and do my part to help build better hackers.

Got some cool content you’d like to see added? Let us know! And tweet at me with #hacker101 — I’d love to hear how you like it and how we can improve because we’re just getting started!

Happy breaking,

Cody Brocious (Daeken)

