📌
Software Security
  • README
  • Prerequisites
    • Prerequisites
  • Introduction
    • Cyber security principles
    • Basic web concepts
      • HTTP
      • JavaScript
      • Cookies
      • SQL
      • DOM
      • APIs and the multitier architecture
    • Basic browser security concepts
      • Same-Origin Policy (SOP)
      • Cross-Origin Resource Sharing (CORS)
      • Cookies
      • Tracking
    • Basic security concepts
      • Hashing
  • Access Control: Basics
    • Authentication
      • Passwords
      • Password managers
      • Attacking passwords - online
      • Attacking passwords - offline
    • Authorization
      • Insecure direct object references
    • Session Management
    • CSRF
      • CSRF: why & how it works
      • Protecting against CSRF attacks
    • SSRF
      • SSRF: how it works and how we can protect against it
  • Access Control: Advanced
    • Authentication
      • Federation
      • Alternative authentication mechanisms
      • FIDO2 and WebAuthn
  • Injection attacks
    • Injection attacks
    • SQL Injection
    • Command Injection
    • Cross-site scripting
      • Input validation
      • Context sensitive output encoding
      • About the HttpOnly flag
      • Content Security Policy
    • Subresource integrity
    • Sandboxing
  • HTTPS
    • HTTPS
    • Introduction to cryptography
    • PKI
    • Setting up HTTPS
    • References
  • HTTP Headers for security
    • HTTP Headers
  • Threat Modeling
    • Threat modeling introduction
    • Threat modeling basics
    • Inspiration for threats
  • Bringing it all together
    • A comprehensive overview of controls
Powered by GitBook
On this page
  • Register a free domain name
  • Create accounts on the following

Was this helpful?

  1. Prerequisites

Prerequisites

Register a free domain name

Most of the exercises accompanying this course can be executed in a local environment. However, certain exercises may prove to be more meaningful when executed in a 'real' environment using real domain names. While some providers exist that offer free (sub)domains such as noip.com, being able to manage the DNS records usually is a premium service.

One combination that is free, at least at the time of writing this course, is by using the .tk top level domain for which registrars provide free domains. One such registrar is Freenom (https://www.freenom.com/en/index.html?lang=en). While Freenom also allows you to manage DNS records, I have found it not to be stable, so I recommend to immediately change the nameservers of the domain you registered for free at Freenom to those of https://freedns.afraid.org/.

In summary, please execute the following steps:

  • register a free domain at https://www.freenom.com

  • configure its nameservers to those of afraid.org as explained in https://freedns.afraid.org/domain/add.php

While some of you perhaps won't be needing the domain to sucessfully finish the course, registering a domain and changing the nameservers is for sure already a good introductory exercise.

Create accounts on the following

The following applications are typically free (to a certain extent), and will make your life easier when you want to test out some things throughout this course. I highly recommend you already create accounts on these platforms now, so you do not have to worry about that later:

  • github.com

  • heroku.com

  • runkit.com

  • netlify.com

PreviousREADMENextCyber security principles

Last updated 3 years ago

Was this helpful?