Pentesting with Daniel Slater (Ethical Hacking/Web Security)

Define bug, vulnerability, and exploit; outline top web security risks; and introduce pentesting, social engineering, firewalls, zero days, payloads, mainframes, and white, gray, and black hat ethics.

Explore how attack surface expands from static web pages to social media and physical devices, identifying vectors from APIs and media uploads to lock mechanisms and access controls.

Demonstrate how brute force can accelerate cybersecurity research by balancing quick script development with smart techniques like birthday attacks to test passwords using common datasets.

Develop a security mindset that balances usefulness with security from the start. Assess the value at risk, costs of hacks, and the weakest link to prevent design flaws.

Explore client and server side security, emphasizing that client-side checks are unreliable and server-side validation is essential. Use Burp Suite to test cookies, requests, and potential privilege escalation.

Learn how hashing verifies data integrity by appending a secret and rehashing to detect tampering, and how hashes protect passwords and enable downloadable file verification.

Explore rainbow tables and collision attacks on hashed passwords, and learn defenses like salting to localize attacks and peppering to add extra secrecy, with practical considerations.

Use battle-tested hashes like SHA-3 and avoid crafting your own, and rely on established password storage with salt and pepper via authentication libraries, prioritizing verification over hiding data.

Learn how encryption protects data and communications, compare symmetric and asymmetric schemes, and why private keys must stay secret; avoid building your own cryptography and rely on battle-tested options.

Learn about cross site request forgery (csrf), how an authenticated user can be tricked into unwanted actions, and how cross origin resource sharing helps defend against it.

Learn how misconfiguration in production, debug mode, and weak secrets create risk. Implement automated checks, minimal privileges, and safe rollback using Django and simple architecture.

Assess external packages with a security mindset by evaluating stars, activity, issues, deprecations, and typosquatting signals, spending 1–5 minutes per package, up to 30 minutes for high-security apps.

Learn when to implement code or import proven libraries to reduce risk, avoid reinventing well known formats, and rely on reputable cryptography and data-access libraries to minimize attack surfaces.

Monitor and respond to hacks by examining shocking figures: average breach discovery at 197 days, containment in 69 days, and 72-hour reporting fines up to 20 million euros.

Explore honeypots by deploying fake staging servers and decoy services to detect attacker activity, map your assets, and understand the attackers’ probing and intrusion techniques.

Contain and assess a breach, notify customers, and review the incident with a blameless, factual approach, while strengthening defense through logging, alerting, and incident response planning.